On 08.09.2017 13:44, Eduardo Otubo wrote: > This patch adds [,resourcecontrol=deny] to `-sandbox on' option. It > blacklists all process affinity and scheduler priority system calls to > avoid any bigger of the process. > > Signed-off-by: Eduardo Otubo <ot...@redhat.com> > --- > include/sysemu/seccomp.h | 1 + > qemu-options.hx | 9 ++++++--- > qemu-seccomp.c | 11 +++++++++++ > vl.c | 16 ++++++++++++++++ > 4 files changed, 34 insertions(+), 3 deletions(-)
Reviewed-by: Thomas Huth <th...@redhat.com>
