From 1bd6152ae23549032ef4aca0d3d350512f012f05 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo
Date: Tue, 28 Feb 2017 21:13:12 +0100
Subject: seccomp: changing from whitelist to blacklist

This patch changes the default behavior of the seccomp filter from
whitelist to blacklist. By default now all system calls are allowed and
a small black list of definitely forbidden ones was created.

Signed-off-by: Eduardo Otubo <otubo@redhat.com>
---
 include/sysemu/seccomp.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include')

diff --git a/include/sysemu/seccomp.h b/include/sysemu/seccomp.h
index cfc06008cb..23b9c3c789 100644
--- a/include/sysemu/seccomp.h
+++ b/include/sysemu/seccomp.h
@@ -15,6 +15,8 @@
 #ifndef QEMU_SECCOMP_H
 #define QEMU_SECCOMP_H
 
+#define QEMU_SECCOMP_SET_DEFAULT     (1 << 0)
+
 #include <seccomp.h>
 
 int seccomp_start(void);
-- 
cgit v1.2.3-55-g7522