On 10/19/2012 02:08 PM, Corey Bryant wrote:
>
>
> On 10/19/2012 01:04 PM, Blue Swirl wrote:
>> On Wed, Oct 17, 2012 at 1:15 PM, Eduardo Otubo
>> <ot...@linux.vnet.ibm.com> wrote:
>>> This patch includes a second whitelist right before the main loop. It's
>>> a smaller and more restricted whitelist, excluding execve() among many
>>> others.
>>>
>> It's nice to see that for example open, creat, unlink, socket, bind,
>> mprotect, setrlimit and kill are not present.
>>
>
> Hmm, well open minimally needs to be added to this list so that drives
> can be hotplugged.

Unless we enforce the use of add-fd for hot-plugging drives, but that in
turn requires that we have -blockdev semantics for telling qemu how to
open backing chains.

--
Eric Blake   ebl...@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org