seccomp: block setns, unshare and execveat syscalls - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Daniel P. Berrangé	2021-04-29 12:25:13 +0200
committer	Daniel P. Berrangé	2022-02-16 19:52:40 +0100
commit	463805711056b431a74917a75cda75ec67fec3d2 (patch)
tree	5ca2564e546f23ecc6964479e6fc8ab20b153b60 /docs/interop/firmware.json
parent	seccomp: block use of clone3 syscall (diff)
download	qemu-463805711056b431a74917a75cda75ec67fec3d2.tar.gz qemu-463805711056b431a74917a75cda75ec67fec3d2.tar.xz qemu-463805711056b431a74917a75cda75ec67fec3d2.zip

seccomp: block setns, unshare and execveat syscalls

setns/unshare are used to change namespaces which is not something QEMU needs to be able todo. execveat is a new variant of execve so should be blocked just like execve already is. Acked-by: Eduardo Otubo <otubo@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Diffstat (limited to 'docs/interop/firmware.json')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: