On 08/29/2013 05:34 AM, Stefan Hajnoczi wrote:
On Wed, Aug 28, 2013 at 10:04:32PM -0300, Eduardo Otubo wrote:
Now there's a second whitelist, right before the vcpu starts. The second
whitelist is the same as the first one, except for exec() and select().
-netdev tap,downscript=/path/to/script requires exec() in the QEMU
shutdown code path. Will this work with seccomp?
I actually don't know, but I'll test that as well. Can you run a test
with this patch and -netdev? I mean, if you're pointing that out you
might have a scenario already setup, right?
Thanks!
Stefan
--
Eduardo Otubo
IBM Linux Technology Center