From: "Serge E. Hallyn" <serge.hallyn@canonical.com>
To: Paul Moore <pmoore@redhat.com>
Cc: "Stefan Hajnoczi" <stefanha@gmail.com>,
"Corey Bryant" <coreyb@linux.vnet.ibm.com>,
"Michael Halcrow" <mhalcrow@google.com>,
qemu-devel@nongnu.org, "Eric Paris" <eparis@redhat.com>,
"Ashley D Lai" <adlai@us.ibm.com>, "Avi Kivity" <avi@redhat.com>,
"Richa Marwaha" <rmarwah@us.ibm.com>,
"Amit Shah" <amit.shah@redhat.com>,
"Radim Krčmář" <radimkrcmar@hpx.cz>,
"Eduardo Terrell Ferrari Otubo" <eotubo@br.ibm.com>,
"Lee Terrell" <lterrell@us.ibm.com>,
"George Wilson" <gcwilson@us.ibm.com>
Subject: Re: [Qemu-devel] [RFC] Device sandboxing
Date: Wed, 14 Dec 2011 11:15:58 -0600 [thread overview]
Message-ID: <20111214171558.GA27963@sergelap> (raw)
In-Reply-To: <1660519.SAi13A61Ja@sifl>
Quoting Paul Moore (pmoore@redhat.com):
> On Wednesday, December 07, 2011 12:48:16 PM Anthony Liguori wrote:
> > On 12/07/2011 12:25 PM, Corey Bryant wrote:
> > > A group of us are starting to work on sandboxing QEMU device emulation
> > > code. We're just getting started investigating various approaches, and
> > > want to engage the community to gather input.
> >
> > > Following are the design points that we are currently considering:
> >
> > To be perfectly honest, I think prototyping and measuring performance is
> > going to be the only way to figure out the right approach here.
>
> Agreed. I'm currently working on a prototype to play around with some of the
> ideas discussed in this thread. As soon as it is functional I'll send a
> pointer/patches/etc. to the list.
Hey Paul,
just wondering, exactly which approache(s) are you prototyping? Are you
touching seccomp2?
thanks,
-serge
next prev parent reply other threads:[~2011-12-14 17:16 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-07 18:25 [Qemu-devel] [RFC] Device sandboxing Corey Bryant
2011-12-07 18:48 ` Anthony Liguori
2011-12-07 19:32 ` Corey Bryant
2011-12-07 19:43 ` Anthony Liguori
2011-12-07 19:52 ` Michael Halcrow
2011-12-07 20:02 ` Corey Bryant
2011-12-07 20:54 ` Eric Paris
2011-12-08 9:40 ` Stefan Hajnoczi
2011-12-11 10:50 ` Dor Laor
2011-12-12 18:54 ` Will Drewry
2011-12-08 9:47 ` Stefan Hajnoczi
2011-12-08 14:39 ` Corey Bryant
2011-12-07 21:20 ` Paul Moore
2011-12-14 17:15 ` Serge E. Hallyn [this message]
2011-12-14 23:56 ` Paul Moore
2011-12-15 14:28 ` Corey Bryant
2011-12-15 15:14 ` Serge Hallyn
2011-12-15 15:35 ` Paul Moore
2011-12-15 16:05 ` Serge Hallyn
2011-12-08 21:51 ` Blue Swirl
2011-12-12 18:30 ` Corey Bryant
2011-12-09 16:17 ` Paul Brook
2011-12-09 16:34 ` Paul Moore
2011-12-09 17:32 ` Paul Brook
2011-12-09 17:49 ` Paul Moore
2011-12-09 18:46 ` Paul Brook
2011-12-09 18:50 ` Paul Moore
2011-12-09 18:59 ` Paul Brook
2011-12-09 19:17 ` Paul Moore
2011-12-10 19:39 ` Blue Swirl
2011-12-11 9:08 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111214171558.GA27963@sergelap \
--to=serge.hallyn@canonical.com \
--cc=adlai@us.ibm.com \
--cc=amit.shah@redhat.com \
--cc=avi@redhat.com \
--cc=coreyb@linux.vnet.ibm.com \
--cc=eotubo@br.ibm.com \
--cc=eparis@redhat.com \
--cc=gcwilson@us.ibm.com \
--cc=lterrell@us.ibm.com \
--cc=mhalcrow@google.com \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=radimkrcmar@hpx.cz \
--cc=rmarwah@us.ibm.com \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.