CVSROOT: /cvs Module name: src Changes by: r...@cvs.openbsd.org 2016/10/06 14:41:28
Modified files:
usr.sbin/vmd : vmm.c
Log message:
Enable pledge(2) in vmm and the VM processes: This way the VMs and
their monitor run in a very restricted environment. VMs only pledge
"stdio vmm" which allows them to do most basic functions and a subset
of vmm ioctls (the other part of vmm ioctls are only permitted in the
parent).
This requires the previous change in the vmm kernel part.
OK mlarkin@
