Hello all,
This patch is an effort to sandbox Qemu guests using Libseccomp[0]. The patches
that follows are pretty simple and straightforward. I added the correct options
and checks to the configure script and the basic calls to libseccomp in the
main loop at vl.c. Details of each one are in the e
Overall the code looks fine to me.
A couple general comments though:
- we need a -disable-sandbox flag in case the whitelist is bad and a
user needs to disable it.
- for the few cases where we may exec something that requires privileges
beyond this white list, we need to clearly document tha
Hello all,
This patch is an effort to sandbox Qemu guests using Libseccomp[0]. The patches
that follows are pretty simple and straightforward. I added the correct options
and checks to the configure script and the basic calls to libseccomp in the
main loop at vl.c. Details of each one are in the e
