Hi Eduardo, You acked this series, but going through my old git branches I just discovered that this never got merged. I guess I was assuming you had queued it for a future PULL when you acked it.
I don't mind sending a pull request myself if you've no objections. On Wed, Aug 04, 2021 at 10:05:38AM +0200, Eduardo Terrell Ferrari Otubo wrote: > On Mon, 2021-08-02 at 14:02 +0100, Daniel P. Berrangé wrote: > > Blocking the 'fork' syscall on Linux is not sufficient to block the > > 'fork' C library function, because the latter is essentially always > > implemented using the 'clone' syscall these days. > > > > Blocking 'clone' is difficult as that also blocks pthread creation, > > so it needs careful filtering. > > > > Daniel P. Berrangé (5): > > seccomp: allow action to be customized per syscall > > seccomp: add unit test for seccomp filtering > > seccomp: fix blocking of process spawning > > seccomp: block use of clone3 syscall > > seccomp: block setns, unshare and execveat syscalls > > > > MAINTAINERS | 1 + > > softmmu/qemu-seccomp.c | 282 +++++++++++++++++++++++++++++------- > > -- > > tests/unit/meson.build | 4 + > > tests/unit/test-seccomp.c | 269 ++++++++++++++++++++++++++++++++++++ > > 4 files changed, 490 insertions(+), 66 deletions(-) > > create mode 100644 tests/unit/test-seccomp.c > > > > -- > > 2.31.1 > > > > > > Acked-by: Eduardo Otubo <ot...@redhat.com> > > -- > Eduardo Otubo > > Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|