The following changes since commit ad38520bdeb2b1e0b487db317f29119e94c1c88d:
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2022-02-15 19:30:33 +0000) are available in the Git repository at: https://gitlab.com/berrange/qemu tags/misc-next-pull-request for you to fetch changes up to 2720ceda0521bc43139cfdf45e3e470559e11ce3: docs: expand firmware descriptor to allow flash without NVRAM (2022-02-16 18:53:26 +0000) ---------------------------------------------------------------- This misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM ---------------------------------------------------------------- Daniel P. Berrangé (10): block: better document SSH host key fingerprint checking block: support sha256 fingerprint with pre-blockdev options block: print the server key type and fingerprint on failure seccomp: allow action to be customized per syscall seccomp: add unit test for seccomp filtering seccomp: fix blocking of process spawning seccomp: block use of clone3 syscall seccomp: block setns, unshare and execveat syscalls MAINTAINERS: take over seccomp from Eduardo Otubo docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS | 5 +- block/ssh.c | 42 +++- docs/interop/firmware.json | 54 ++++- docs/system/qemu-block-drivers.rst.inc | 30 ++- softmmu/qemu-seccomp.c | 282 +++++++++++++++++++------ tests/unit/meson.build | 4 + tests/unit/test-seccomp.c | 269 +++++++++++++++++++++++ 7 files changed, 599 insertions(+), 87 deletions(-) create mode 100644 tests/unit/test-seccomp.c -- 2.34.1
