Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default

On Fri, Dec 6, 2013 at 3:13 AM, Stefan Hajnoczi wrote: > On Thu, Dec 05, 2013 at 10:12:00AM -0600, Will Drewry wrote: >> On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote: >> > On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote: >> >> On 12/04/2013 0

Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default

On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote: > On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote: >> On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote: >> >On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote: >> >>>Developers will only be happy with seccomp if it's easy an

Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to libseccomp in vl.c

On Sun, Jul 1, 2012 at 8:25 AM, Paolo Bonzini wrote: > Il 18/06/2012 23:53, Corey Bryant ha scritto: >>> >>> Can each thread have separate seccomp whitelists? For example CPU >>> threads should not need pretty much anything but the I/O thread needs >>> I/O. >>> >> >> No, seccomp filters are define

Re: [Qemu-devel] [RFC] Device sandboxing

On Sun, Dec 11, 2011 at 4:50 AM, Dor Laor wrote: > On 12/08/2011 11:40 AM, Stefan Hajnoczi wrote: >> >> On Wed, Dec 7, 2011 at 8:54 PM, Eric Paris  wrote: >>> >>> On Wed, 2011-12-07 at 13:43 -0600, Anthony Liguori wrote: On 12/07/2011 01:32 PM, Corey Bryant wrote: >>> >>> > That woul

Re: [Qemu-devel] Secure KVM

On Mon, Nov 7, 2011 at 12:03 PM, Anthony Liguori wrote: > On 11/07/2011 11:52 AM, Sasha Levin wrote: >> >> Hi Anthony, >> >> Thank you for your comments! >> >> On Mon, 2011-11-07 at 11:37 -0600, Anthony Liguori wrote: >>> >>> On 11/06/2011 02:40 PM, Sasha Levin wrote: Hi all, I