Thanks.
2014-12-12 16:32 GMT+01:00 Daniel P. Berrange <[email protected]>: > > On Fri, Dec 12, 2014 at 04:24:55PM +0100, Raymond Durand wrote: > > Thanks. > > > > How are the rules managed so as to fit the VM system calls? > > Is tuning possible? recommended? > > QEMU has a built-in policy that adds rules for every conceivable > function that QEMU might need to execute. Given that is quite > broad, the security benefit from seccomp enablement is quit low > IMHO > > I see. Is it something like each QEMU device enabled comes along with a system-calls list ie. rules allowed? Is this list of rules loaded at each time the QEMU/KVM starts? > Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ > :| > |: http://libvirt.org -o- http://virt-manager.org > :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ > :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc > :| > Regards,
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
