On 09/06/2013 03:21 PM, Eduardo Otubo wrote:
> New command line options for the seccomp blacklist feature:
> $ qemu -sandbox on[,strict=<on|off>]
> The strict parameter will turn on or off the new system call blacklist
I mentioned this before but I'll say it again since I think it needs
to be discussed. Since this regresses support (it'll prevent -net
bridge and -net tap from using execv) the concern I have with the
strict=on|off option is whether or not we will have the flexibility
to modify the blacklist once QEMU is released with this support. Of
course we should be able to add more syscalls to the blacklist as
long as they don't regress QEMU functionality. But if we want to
add a syscall that does regress QEMU functionality, I think we'd
have to add a new command line option, which doesn't seem desirable.
So a more flexible approach may be necessary. Maybe the blacklist
should be passed on the command line, which would enable it to be
defined by libvirt and passed to QEMU. I know Paul is working on
something for libvirt so maybe that answers this question.