From: Eduardo Otubo <otubo@linux.vnet.ibm.com>
To: Eric Blake <eblake@redhat.com>
Cc: pmoore@redhat.com, coreyb@linux.vnet.ibm.com,
qemu-devel@nongnu.org, anthony@codemonkey.ws
Subject: Re: [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support
Date: Wed, 09 Oct 2013 10:11:08 -0300 [thread overview]
Message-ID: <525555EC.1040008@linux.vnet.ibm.com> (raw)
In-Reply-To: <5254B9EF.70905@redhat.com>
On 10/08/2013 11:05 PM, Eric Blake wrote:
> On 10/08/2013 06:42 PM, Eduardo Otubo wrote:
>> v3: The "-netdev tap" option is checked in the vl.c file during the
>> process of the command line argument list. It sets tap_enabled to true
>> or false according to the configuration found. Later at the seccomp
>> filter installation, this value is checked wheter to install or not this
>
> s/wheter/whether/
Thank you.
>
>> feature.
>>
>> Adding a system call blacklist right before the vcpus starts. This
>> filter is composed by the system calls that can't be executed after the
>> guests are up. This list should be refined as whitelist is, with as much
>> testing as we can do using virt-test.
>>
>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>> ---
>> include/sysemu/seccomp.h | 6 ++++-
>> qemu-seccomp.c | 64 +++++++++++++++++++++++++++++++++++++++---------
>> vl.c | 21 +++++++++++++++-
>> 3 files changed, 77 insertions(+), 14 deletions(-)
>
> No review on the actual patch, just spotting a typo.
>
>
--
Eduardo Otubo
IBM Linux Technology Center
next prev parent reply other threads:[~2013-10-09 13:11 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-09 0:42 [Qemu-devel] [PATCHv3 0/3] seccomp: adding blacklist support with command line Eduardo Otubo
2013-10-09 0:42 ` [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support Eduardo Otubo
2013-10-09 2:05 ` Eric Blake
2013-10-09 13:11 ` Eduardo Otubo [this message]
2013-10-09 15:19 ` Corey Bryant
2013-10-09 21:36 ` Paul Moore
2013-10-10 11:33 ` Corey Bryant
2013-10-09 0:42 ` [Qemu-devel] [PATCHv3 2/3] seccomp: adding command line support for blacklist Eduardo Otubo
2013-10-09 14:40 ` Eduardo Otubo
2013-10-09 0:42 ` [Qemu-devel] [PATCHv3 3/3] seccomp: general fixes Eduardo Otubo
2013-10-09 21:38 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=525555EC.1040008@linux.vnet.ibm.com \
--to=otubo@linux.vnet.ibm.com \
--cc=anthony@codemonkey.ws \
--cc=coreyb@linux.vnet.ibm.com \
--cc=eblake@redhat.com \
--cc=pmoore@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).