On Friday, September 25, 2015 12:53:04 AM Namsun Ch'o wrote: > Another idea which would fit in with the security model is to have a dynamic > sandbox which enables syscalls and syscall filters based on what command > line or config parameters are passed to QEMU on its first start.
I've suggested this in the past but to my knowledge no has done any work in this direction, including myself. Despite the lack of progress, I still think this is a very worthwhile idea. -- paul moore security @ redhat
