George Dunlap writes ("[PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU
sandboxing"):
> QEMU has a `sandbox` feature, wherein it will use seccomp2 to restrict
> what system calls it is able to make.
...
> + flexarray_append(dm_args,
> "on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny");
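Review bot: the option string passed to flexarray_append sets elevateprivileges=allow while obsolete, spawn and resourcecontrol are all deny, and nothing in the hunk says why that one category is left open. Please add a comment above the call stating what needs it, or change it to deny if nothing does. It would also help to list every category explicitly in the string, so the resulting filter does not depend on defaults for anything left unmentioned.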
Why `elevateprivileges=allow' ?
In this syntax, what happens with unmentioned abilities ?
Thanks,
Ian.
_______________________________________________
Xen-devel mailing list
[email protected]
https://lists.xenproject.org/mailman/listinfo/xen-devel