On 05/01/2013 10:13 AM, Paul Moore wrote:
On Tuesday, April 30, 2013 04:28:54 PM Corey Bryant wrote:
Just to be clear, I'm thinking you could launch guests in one of two
different seccomp sandboxed environments:
1) Using the existing and more permissive whitelist where every QEMU
feature works:
qemu-kvm -sandbox on,default
In general, I like the comma delimited list of sandbox filters/methods/etc.
but I'm not sure we need to explicitly specify "default", it seems like "on"
would be sufficient. It also preserved compatibility with what we have now.
Yes, I agree. This should definitely remain backward compatible.
--
Regards,
Corey Bryant
