Message-ID: <525555EC.1040008@linux.vnet.ibm.com>
Date: Wed, 09 Oct 2013 10:11:08 -0300
From: Eduardo Otubo
In-Reply-To: <5254B9EF.70905@redhat.com>
Subject: Re: [Qemu-devel] [PATCHv3 1/3] seccomp: adding blacklist support
To: Eric Blake
Cc: pmoore@redhat.com, coreyb@linux.vnet.ibm.com, qemu-devel@nongnu.org, anthony@codemonkey.ws

On 10/08/2013 11:05 PM, Eric Blake wrote:
> On 10/08/2013 06:42 PM, Eduardo Otubo wrote:
>> v3: The "-netdev tap" option is checked in the vl.c file during the
>> process of the command line argument list. It sets tap_enabled to true
>> or false according to the configuration found. Later at the seccomp
>> filter installation, this value is checked wheter to install or not this
>
> s/wheter/whether/

Thank you.

>
>> feature.
>>
>> Adding a system call blacklist right before the vcpus starts. This
>> filter is composed by the system calls that can't be executed after the
>> guests are up. This list should be refined as whitelist is, with as much
>> testing as we can do using virt-test.
>>
>> Signed-off-by: Eduardo Otubo
>> ---
>>  include/sysemu/seccomp.h |  6 ++++-
>>  qemu-seccomp.c           | 64 +++++++++++++++++++++++++++++++++++++++---------
>>  vl.c                     | 21 +++++++++++++++-
>>  3 files changed, 77 insertions(+), 14 deletions(-)
>
> No review on the actual patch, just spotting a typo.
>

--
Eduardo Otubo
IBM Linux Technology Center