Ian Jackson writes ("[PATCH v2 00/24] Provide some actual restriction of qemu"):
> With this series, it is possible to run qemu in a way that I think
> really does not have global privilege any more.
This is not v2. It is v4.
Sorry.
Ian.
___
Xen-deve
With this series, it is possible to run qemu in a way that I think
really does not have global privilege any more.
I have verified that it runs as a non-root user. I have checked all
of its fds and they are either privcmd (which I have arranged to
neuter), or /dev/null, or harmless sockets and pi
With this series, it is possible to run qemu in a way that I think
really does not have global privilege any more>
I have verified that it runs as a non-root user. I have checked all
of its fds and they are either privcmd (which I have arranged to
neuter), or /dev/null, or harmless sockets and pi