From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:59247)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1SfeJP-0000RF-Q6
	for qemu-devel@nongnu.org; Fri, 15 Jun 2012 17:44:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1SfeJO-0006jc-49
	for qemu-devel@nongnu.org; Fri, 15 Jun 2012 17:44:11 -0400
Received: from mx1.redhat.com ([209.132.183.28]:57153)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1SfeJN-0006iy-Sd
	for qemu-devel@nongnu.org; Fri, 15 Jun 2012 17:44:10 -0400
Message-ID: <4FDBACA5.8040201@redhat.com>
Date: Fri, 15 Jun 2012 15:44:05 -0600
From: Eric Blake <eblake@redhat.com>
MIME-Version: 1.0
References: <cover.1339614945.git.otubo@linux.vnet.ibm.com>
	<20120613203028.GB6019@redhat.com>
	<CAAu8pHtW6sBhrFAfNPe_R=tTWZ6RjBVgLcRUpzwKWx_rOAWnUQ@mail.gmail.com>
	<5022524.gIe1TV6Uvp@sifl>
	<CAAu8pHuWEARDbWxk7+cprxci6sM-Fiae2HFgdhZ5v7mePELNGQ@mail.gmail.com>
In-Reply-To: <CAAu8pHuWEARDbWxk7+cprxci6sM-Fiae2HFgdhZ5v7mePELNGQ@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enigBA37770215CEA7AA98EBE348"
Subject: Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to
 libseccomp in vl.c
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Blue Swirl <blauwirbel@gmail.com>
Cc: Paul Moore <pmoore@redhat.com>, qemu-devel@nongnu.org, Eduardo Otubo <otubo@linux.vnet.ibm.com>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigBA37770215CEA7AA98EBE348
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 06/15/2012 03:23 PM, Blue Swirl wrote:

> How about seccomp mode selected by command line switch -seccomp, in
> which bind/connect/open/execve are forbidden? The functionality
> remaining would be somewhat limited (can't migrate or use SMB etc.

More properly, can't migrate with exec:command migration.  But fd:nnn
migration should still be viable.

--=20
Eric Blake   eblake@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--------------enigBA37770215CEA7AA98EBE348
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJP26ylAAoJEKeha0olJ0Nq5fQH/RS2/hNsFqopaPCEEejtE6bX
k8CX01pZPJCFK5UxxiXKeMR84RO5IzY3xq1IhlZLtO3iZVbT7vP2x62GRomUCuhx
Z9jKmq5E2P2Ab6i73maGSclIYl+lbZSxfpTDByjntQFQvF1qKcDm1fZxbiHx/KW2
Ji1l1rnOZBoZKRxuit3HAEA+Yoswg0TkRLkZ0gdFwYlp1DI4rN+TXxpyNl5VU1HF
2KW3ddM3KL+8MQpw3kIfWu4917F1eQNvppOB7vSKyaQHnh2SumbTGqxnOBZkOPM4
dBGxJnsScLuGpdwzmGJYBhTl3vPvCJYVH4vPvq+fRzHM3yJj11HcrxNHiWsK1bM=
=B+oA
-----END PGP SIGNATURE-----

--------------enigBA37770215CEA7AA98EBE348--