Re: [Qemu-devel] [PATCHv6 3/5] seccomp: add elevateprivileges argument to command line

2017-09-14 Thread Daniel P. Berrange
On Fri, Sep 08, 2017 at 01:44:05PM +0200, Eduardo Otubo wrote:
> This patch introduces the new argument
> [,elevateprivileges=allow|deny|children] to the `-sandbox on'. It allows
> or denies Qemu process to elevate its privileges by blacklisting all
> set*uid|gid system calls. The 'children' option

Re: [Qemu-devel] [PATCHv6 3/5] seccomp: add elevateprivileges argument to command line

2017-09-08 Thread Thomas Huth
On 08.09.2017 13:44, Eduardo Otubo wrote:
> This patch introduces the new argument
> [,elevateprivileges=allow|deny|children] to the `-sandbox on'. It allows
> or denies Qemu process to elevate its privileges by blacklisting all
> set*uid|gid system calls. The 'children' option will let forks and
>

[Qemu-devel] [PATCHv6 3/5] seccomp: add elevateprivileges argument to command line

2017-09-08 Thread Eduardo Otubo
This patch introduces the new argument [,elevateprivileges=allow|deny|children] to the `-sandbox on'. It allows or denies Qemu process to elevate its privileges by blacklisting all set*uid|gid system calls. The 'children' option will let forks and execves run unprivileged. Signed-off-by: Eduardo O