[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support |
Date: |
Tue, 08 Oct 2013 20:05:35 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130923 Thunderbird/17.0.9 |
On 10/08/2013 06:42 PM, Eduardo Otubo wrote:
> v3: The "-netdev tap" option is checked in the vl.c file during the
> process of the command line argument list. It sets tap_enabled to true
> or false according to the configuration found. Later at the seccomp
> filter installation, this value is checked wheter to install or not this
s/wheter/whether/
> feature.
>
> Adding a system call blacklist right before the vcpus starts. This
> filter is composed by the system calls that can't be executed after the
> guests are up. This list should be refined as whitelist is, with as much
> testing as we can do using virt-test.
>
> Signed-off-by: Eduardo Otubo <address@hidden>
> ---
> include/sysemu/seccomp.h | 6 ++++-
> qemu-seccomp.c | 64
> +++++++++++++++++++++++++++++++++++++++---------
> vl.c | 21 +++++++++++++++-
> 3 files changed, 77 insertions(+), 14 deletions(-)
No review on the actual patch, just spotting a typo.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature