Quoting Paul Moore (pmo...@redhat.com): > On Wednesday, December 07, 2011 12:48:16 PM Anthony Liguori wrote: > > On 12/07/2011 12:25 PM, Corey Bryant wrote: > > > A group of us are starting to work on sandboxing QEMU device emulation > > > code. We're just getting started investigating various approaches, and > > > want to engage the community to gather input. > > > > > Following are the design points that we are currently considering: > > > > To be perfectly honest, I think prototyping and measuring performance is > > going to be the only way to figure out the right approach here. > > Agreed. I'm currently working on a prototype to play around with some of the > ideas discussed in this thread. As soon as it is functional I'll send a > pointer/patches/etc. to the list.
Hey Paul, just wondering, exactly which approache(s) are you prototyping? Are you touching seccomp2? thanks, -serge
