| commit | 463805711056b431a74917a75cda75ec67fec3d2 | |
| author | Daniel P. Berrangé <berrange@redhat.com> | |
| Thu, 29 Apr 2021 10:25:13 +0000 (29 11:25 +0100) | ||
| committer | Daniel P. Berrangé <berrange@redhat.com> | |
| Wed, 16 Feb 2022 18:52:40 +0000 (16 18:52 +0000) | ||
| tree | 5ca2564e546f23ecc6964479e6fc8ab20b153b60 | treesnapshot (tar.gz zip) |
| parent | c542b302707628609f2a33bcbd3e442282806b8e | commitdiff |
seccomp: block setns, unshare and execveat syscalls
setns/unshare are used to change namespaces which is not something QEMU
needs to be able todo.
execveat is a new variant of execve so should be blocked just like
execve already is.
Acked-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
setns/unshare are used to change namespaces which is not something QEMU
needs to be able todo.
execveat is a new variant of execve so should be blocked just like
execve already is.
Acked-by: Eduardo Otubo <otubo@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
| softmmu/qemu-seccomp.c | diffblobblamehistory |