On Fri, Oct 09, 2015 at 08=54=33AM +0200, Markus Armbruster wrote:
> namn...@sigaint.org writes:
>
> >> ps.: the threads are still being broken by your emails and it's a pain
> >> to track down all of them in order to read. Please fix it.
> >
> > I'm really sorry, I am not able to sign up to Googl
namn...@sigaint.org writes:
>> ps.: the threads are still being broken by your emails and it's a pain
>> to track down all of them in order to read. Please fix it.
>
> I'm really sorry, I am not able to sign up to Google because I don't have a
> cell number. I'll try using Sigaint. Does it work no
> ps.: the threads are still being broken by your emails and it's a pain
> to track down all of them in order to read. Please fix it.
I'm really sorry, I am not able to sign up to Google because I don't have a
cell number. I'll try using Sigaint. Does it work now?
On Thu, Oct 01, 2015 at 12=36=05AM -0400, Namsun Ch'o wrote:
> The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> needed for -runas to work. It also doesn't whitelist chroot, which is needed
> for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
>
On Fri, Oct 02, 2015 at 03=15=05PM +0100, Daniel P. Berrange wrote:
> On Fri, Oct 02, 2015 at 04:08:20PM +0200, Eduardo Otubo wrote:
> > On Fri, Oct 02, 2015 at 12=05=58PM +0200, Markus Armbruster wrote:
> > > "Daniel P. Berrange" writes:
> > >
> > > > On Thu, Oct 01, 2015 at 02:06:32PM +0200, Ma
On Fri, Oct 02, 2015 at 12=05=58PM +0200, Markus Armbruster wrote:
> "Daniel P. Berrange" writes:
>
> > On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
> >> "Namsun Ch'o" writes:
> >>
> >> > The seccomp sandbox doesn't whitelist setuid, setgid, or
> >> > setgroups, which are
On Fri, Oct 02, 2015 at 04:08:20PM +0200, Eduardo Otubo wrote:
> On Fri, Oct 02, 2015 at 12=05=58PM +0200, Markus Armbruster wrote:
> > "Daniel P. Berrange" writes:
> >
> > > On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
> > >> "Namsun Ch'o" writes:
> > >>
> > >> > The secc
"Daniel P. Berrange" writes:
> On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
>> "Namsun Ch'o" writes:
>>
>> > The seccomp sandbox doesn't whitelist setuid, setgid, or
>> > setgroups, which are
>> > needed for -runas to work. It also doesn't whitelist chroot, which is
>> >
On Thu, Oct 01, 2015 at 02:06:32PM +0200, Markus Armbruster wrote:
> "Namsun Ch'o" writes:
>
> > The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which
> > are
> > needed for -runas to work. It also doesn't whitelist chroot, which is needed
> > for the -chroot option. Unfortun
> Should it enable seccomp a bit later?
Ideally it should be enabled as late as possible, right before the main loop,
because here's no reason to whitelist syscalls that are only ever needed to
start QEMU up (e.g. chroot, which is only used before the guest even boots).
But for now, the simplest s
"Namsun Ch'o" writes:
> The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
> needed for -runas to work. It also doesn't whitelist chroot, which is needed
> for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
> privileges or chroots, so without th
The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are
needed for -runas to work. It also doesn't whitelist chroot, which is needed
for the -chroot option. Unfortunately, QEMU enables seccomp before it drops
privileges or chroots, so without these whitelisted, -runas and -chr
12 matches
Mail list logo
