Re: [Qemu-devel] [PULL 0/3] seccomp branch queue
Please don't merge this PULL request - the behaviour of the 3rd patch is still being debated. On Wed, Aug 22, 2018 at 05:40:27PM +0200, Eduardo Otubo wrote: > The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: > > Merge remote-tracking branch > 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 > 15:57:56 +0100) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 > > for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: > > seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) > > > pull-seccomp-20180822 > > > Marc-André Lureau (3): > seccomp: use SIGSYS signal instead of killing the thread > seccomp: prefer SCMP_ACT_KILL_PROCESS if available > seccomp: set the seccomp filter to all threads > > qemu-options.hx | 2 ++ > qemu-seccomp.c | 96 > +++-- > 2 files changed, 95 insertions(+), 3 deletions(-) > > -- > 2.17.1 > > Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
Re: [Qemu-devel] [PULL 0/3] seccomp branch queue
On 08/22/2018 10:40 AM, Eduardo Otubo wrote: The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 15:57:56 +0100) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) pull-seccomp-20180822 Marc-André Lureau (3): seccomp: use SIGSYS signal instead of killing the thread seccomp: prefer SCMP_ACT_KILL_PROCESS if available seccomp: set the seccomp filter to all threads Let's hold off on this pull request until the technical debate on 3/3 has settled (namely, there's no point in letting the process continue if tsync fails on older OS, because it is NOT providing the security that it claims). -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
[Qemu-devel] [PULL 0/3] seccomp branch queue
The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 15:57:56 +0100) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) pull-seccomp-20180822 Marc-André Lureau (3): seccomp: use SIGSYS signal instead of killing the thread seccomp: prefer SCMP_ACT_KILL_PROCESS if available seccomp: set the seccomp filter to all threads qemu-options.hx | 2 ++ qemu-seccomp.c | 96 +++-- 2 files changed, 95 insertions(+), 3 deletions(-) -- 2.17.1
