On Fri, Jul 20, 2018 at 05:44:25PM +0200, Marc-André Lureau wrote:
> The upcoming libseccomp release should have SCMP_ACT_KILL_PROCESS
> action (https://github.com/seccomp/libseccomp/issues/96).
>
> SCMP_ACT_KILL_PROCESS is preferable to immediately terminate the
> offending process, rather than having the SIGSYS handler running.
>
> Use SECCOMP_GET_ACTION_AVAIL to check availability of kernel support,
> as libseccomp will fallback on SCMP_ACT_KILL otherwise, and we still
> prefer SCMP_ACT_TRAP.
>
> Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
> ---
>  qemu-seccomp.c | 30 +++++++++++++++++++++++++++++-
>  1 file changed, 29 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|