[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC] Continuous work on sandboxing

From: Corey Bryant
Subject: Re: [Qemu-devel] [RFC] Continuous work on sandboxing
Date: Wed, 01 May 2013 11:30:00 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130402 Thunderbird/17.0.5

On 05/01/2013 10:13 AM, Paul Moore wrote:
On Tuesday, April 30, 2013 04:28:54 PM Corey Bryant wrote:
Just to be clear, I'm thinking you could launch guests in one of two
different seccomp sandboxed environments:

1) Using the existing and more permissive whitelist where every QEMU
feature works:

qemu-kvm -sandbox on,default

In general, I like the comma delimited list of sandbox filters/methods/etc.
but I'm not sure we need to explicitly specify "default", it seems like "on"
would be sufficient.  It also preserved compatibility with what we have now.

Yes, I agree.  This should definitely remain backward compatible.

Corey Bryant

reply via email to

[Prev in Thread] Current Thread [Next in Thread]