On Fri, Dec 6, 2013 at 4:40 PM, Will Drewry wrote:
> On Fri, Dec 6, 2013 at 3:13 AM, Stefan Hajnoczi wrote:
>> On Thu, Dec 05, 2013 at 10:12:00AM -0600, Will Drewry wrote:
>>> On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote:
>>> > On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wro
On Fri, Dec 6, 2013 at 3:13 AM, Stefan Hajnoczi wrote:
> On Thu, Dec 05, 2013 at 10:12:00AM -0600, Will Drewry wrote:
>> On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote:
>> > On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote:
>> >> On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
On Thu, Dec 05, 2013 at 10:12:00AM -0600, Will Drewry wrote:
> On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote:
> > On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote:
> >> On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
> >> >On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wr
On Thu, Dec 5, 2013 at 7:15 AM, Stefan Hajnoczi wrote:
> On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote:
>> On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
>> >On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote:
>> >>>Developers will only be happy with seccomp if it's easy an
On Wed, Dec 04, 2013 at 11:21:12AM -0200, Eduardo Otubo wrote:
> On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
> >On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote:
> >>>Developers will only be happy with seccomp if it's easy and rewarding to
> >>>support/debug.
> >>
> >>Agreed.
> >>
> >>
On 12/04/2013 08:21 AM, Eduardo Otubo wrote:
On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote:
Developers will only be happy with seccomp if it's easy and
rewarding to
support/debug.
Agreed.
As a developer, how do you feel about th
On 12/04/2013 07:39 AM, Stefan Hajnoczi wrote:
On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote:
Developers will only be happy with seccomp if it's easy and rewarding to
support/debug.
Agreed.
As a developer, how do you feel about the audit/syslog based approach I
mentioned earlie
The existing approach clearly doesn't support the full range of options
that users specify on the command-line.
Bugs. It will get fixed in time with more testing/debugging. Eduardo is
working on improving the testing and RH's QA folks are working hard to shake
out the bugs too. I just poste
On Fri, Nov 22, 2013 at 11:00:24AM -0500, Paul Moore wrote:
> > Developers will only be happy with seccomp if it's easy and rewarding to
> > support/debug.
>
> Agreed.
>
> As a developer, how do you feel about the audit/syslog based approach I
> mentioned earlier?
I used the commands you posted
On Friday, November 22, 2013 04:48:41 PM Stefan Hajnoczi wrote:
> On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> > On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > > I'm always open to suggestions
On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > I'm always open to suggestions on how to improve the development/debugging
> > > process, so if you hav
On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > I'm always open to suggestions on how to improve the development/debugging
> > process, so if you have any ideas please let me know.
>
> The failure mode is terrible:
On Friday, November 22, 2013 11:34:41 AM Stefan Hajnoczi wrote:
> IMO this seccomp approach is doomed since QEMU does not practice
> privilege separation. QEMU is monolithic so it's really hard to create
> a meaningful sets of system calls.
I'm a big fan of decomposing QEMU, but based on previous
On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> On Thursday, November 21, 2013 04:14:11 PM Paolo Bonzini wrote:
> > Il 30/10/2013 11:04, Stefan Hajnoczi ha scritto:
> > > On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
> > >> On 10/22/2013 11:00 AM, Anthony Liguori wrot
On Wed, Oct 30, 2013 at 11:04:39AM +0100, Stefan Hajnoczi wrote:
> On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
> > On 10/22/2013 11:00 AM, Anthony Liguori wrote:
> > >On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
> > > wrote:
> > >>Inverting the way sandbox handles arguments, m
Il 30/10/2013 11:04, Stefan Hajnoczi ha scritto:
> On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
>>
>>
>> On 10/22/2013 11:00 AM, Anthony Liguori wrote:
>>> On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
>>> wrote:
Inverting the way sandbox handles arguments, making possible
On 11/21/2013 01:48 PM, Paul Moore wrote:
On Thursday, November 21, 2013 04:14:11 PM Paolo Bonzini wrote:
Il 30/10/2013 11:04, Stefan Hajnoczi ha scritto:
On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
On 10/22/2013 11:00 AM, Anthony Liguori wrote:
On Tue, Oct 22, 2013 at 12
On Thursday, November 21, 2013 04:14:11 PM Paolo Bonzini wrote:
> Il 30/10/2013 11:04, Stefan Hajnoczi ha scritto:
> > On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
> >> On 10/22/2013 11:00 AM, Anthony Liguori wrote:
> >>> On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
> >>>
> >>
On Wed, Oct 23, 2013 at 12:42:34PM -0200, Eduardo Otubo wrote:
>
>
> On 10/22/2013 11:00 AM, Anthony Liguori wrote:
> >On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
> > wrote:
> >>Inverting the way sandbox handles arguments, making possible to have no
> >>argument and still have '-sandbox on' e
On 10/22/2013 11:00 AM, Anthony Liguori wrote:
On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
wrote:
Inverting the way sandbox handles arguments, making possible to have no
argument and still have '-sandbox on' enabled.
Signed-off-by: Eduardo Otubo
---
The option '-sandbox on' is now used
On Tue, Oct 22, 2013 at 12:21 PM, Eduardo Otubo
wrote:
> Inverting the way sandbox handles arguments, making possible to have no
> argument and still have '-sandbox on' enabled.
>
> Signed-off-by: Eduardo Otubo
> ---
>
> The option '-sandbox on' is now used by default by virt-test[0] -- it has be
Inverting the way sandbox handles arguments, making possible to have no
argument and still have '-sandbox on' enabled.
Signed-off-by: Eduardo Otubo
---
The option '-sandbox on' is now used by default by virt-test[0] -- it has been
merged into the 'next' branch and will be available in the next r
22 matches
Mail list logo
