On 10/23/2012 09:59 AM, Corey Bryant wrote:
> Only network devices are prevented, right?
>
> Also, as I mentioned before, can you limit this to the subset of options
> that cause execve() to be issued? For example, can we allow libvirt to
> pass an fd for hotplugging a network device (e.g. netde
On 10/23/2012 01:55 AM, Eduardo Otubo wrote:
With the inclusion of the new "double whitelist" seccomp filter, Qemu
won't be able to execve() in runtime, thus, no hotplug net devices
allowed.
v2:
* Error messages moved to the backend function, net_init_tap(), recommended
  by Paolo Bonzini
* Documentation added to QMP and HMP commands