"Namsun Ch'o" <namn...@safe-mail.net> writes: > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are > needed for -runas to work. It also doesn't whitelist chroot, which is needed > for the -chroot option. Unfortunately, QEMU enables seccomp before it drops > privileges or chroots, so without these whitelisted, -runas and -chroot cause > QEMU to be killed with -sandbox on. This patch adds those syscalls.
Should it enable seccomp a bit later?
