From: Paul Moore
Date: Fri, 25 Sep 2015 13:03:03 -0400
Message-ID: <24467062.9cvnCkQD7x@sifl>
Subject: Re: [Qemu-devel] [PATCH v2] Add argument filters to the seccomp sandbox
To: Namsun Ch'o
Cc: qemu-devel@nongnu.org, eduardo.otubo@profitbricks.com

On Friday, September 25, 2015 12:53:04 AM Namsun Ch'o wrote:
> Another idea which would fit in with the security model is to have a dynamic
> sandbox which enables syscalls and syscall filters based on what command
> line or config parameters are passed to QEMU on its first start.

I've suggested this in the past but to my knowledge no one has done any work in
this direction, including myself. Despite the lack of progress, I still think
this is a very worthwhile idea.

--
paul moore
security @ redhat