]> git.proxmox.com Git - mirror_qemu.git/commit - qemu-seccomp.c
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 73a1e64) | patch
seccomp: add spawn argument to command line
authorEduardo Otubo <otubo@redhat.com>
Mon, 13 Mar 2017 21:16:01 +0000 (22:16 +0100)
committerEduardo Otubo <otubo@redhat.com>
Fri, 15 Sep 2017 08:15:06 +0000 (10:15 +0200)
commit995a226f880b807e05240e8752d6ce65679775be
tree52c583395208ab69f6deb0bed685aeb3eefefbe0tree
parent73a1e647256b09734ce64ef7a6001a0db03f7106commit | diff
seccomp: add spawn argument to command line

This patch adds [,spawn=deny] argument to `-sandbox on' option. It
blacklists fork and execve system calls, avoiding Qemu to spawn new
threads or processes.

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
include/sysemu/seccomp.h diff | blob | blame | history
qemu-options.hx diff | blob | blame | history
qemu-seccomp.c diff | blob | blame | history
vl.c diff | blob | blame | history
QEMU mirror