From: "Andreas Färber" <afaerber@suse.de>
To: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Cc: pmoore@redhat.com, coreyb@linux.vnet.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as deafult
Date: Wed, 21 Nov 2012 16:20:27 +0100 [thread overview]
Message-ID: <50ACF13B.8060509@suse.de> (raw)
In-Reply-To: <1352749698-1219-2-git-send-email-otubo@linux.vnet.ibm.com>
Am 12.11.2012 20:48, schrieb Eduardo Otubo:
> Now the seccomp filter will be set to "on" even if no argument
> "-sandbox" is given.
>
> v3: * Introduced seccomp_states enum and new functions named
> seccomp_set_state() and seccomp_get_state()
> (pbonzini@redhat.com).
> * Merged seccomp_start() and install_seccomp_filter(),
> moved install_seccomp_filter() to qemu-seccomp.c,
> and renamed it.
> * Moved CONFIG_SECCOMP pre-processor checks from Makefile.objs
> to qemu-seccomp.c.
> * Replace qerror_report with fprintf(stderr, "..") in main()
> (lcapitulino@redhat.com).
>
> Note: This support requires libseccomp. If you don't have access
> to libseccomp packages, you can manually build with the following
> steps:
>
> 1) git clone git://git.code.sf.net/p/libseccomp/libseccomp
> 2) cd libseccomp
> 3) ./configure
> 4) make
> 5) make install
> 6) export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"
To my understanding libseccomp specifically filters Linux syscalls, no?
Are you positive that building and enabling this by default works with
mingw32, bsd, darwin, etc. and makes sense?
Regards,
Andreas
--
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
next prev parent reply other threads:[~2012-11-21 15:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-12 19:48 [Qemu-devel] [PATCHv3 1/5] seccomp: adding new syscalls (bugzilla 855162) Eduardo Otubo
2012-11-12 19:48 ` [Qemu-devel] [PATCHv3 2/5] seccomp: setting "-sandbox on" as deafult Eduardo Otubo
2012-11-21 15:20 ` Andreas Färber [this message]
2012-11-27 19:01 ` Anthony Liguori
2012-11-27 19:07 ` Corey Bryant
2012-11-12 19:48 ` [Qemu-devel] [PATCHv3 3/5] net: Disallow device hotplug that causes execve() Eduardo Otubo
2012-11-12 19:48 ` [Qemu-devel] [PATCHv3 4/5] seccomp: double whitelist support Eduardo Otubo
2012-11-12 19:48 ` [Qemu-devel] [PATCHv3 5/5] seccomp: adding debug mode Eduardo Otubo
2012-11-21 13:20 ` [Qemu-devel] [PATCHv3 1/5] seccomp: adding new syscalls (bugzilla 855162) Eduardo Otubo
2012-11-21 15:24 ` Paul Moore
2012-11-26 16:41 ` Corey Bryant
2012-11-26 17:08 ` Paul Moore
2012-11-26 19:59 ` Corey Bryant
2012-11-26 20:41 ` Paul Moore
2012-11-26 21:48 ` Paul Moore
2012-11-27 16:11 ` Corey Bryant
2012-11-27 16:15 ` Paul Moore
2012-11-21 15:30 ` Andreas Färber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50ACF13B.8060509@suse.de \
--to=afaerber@suse.de \
--cc=coreyb@linux.vnet.ibm.com \
--cc=otubo@linux.vnet.ibm.com \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).