[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing
George Dunlap writes ("[PATCH v2 6/6] RFC: tools/dm_restrict: Enable QEMU sandboxing"): > QEMU has a `sandbox` feature, wherein it will use seccomp2 to restrict > what system calls it is able to make. ... > + flexarray_append(dm_args, > "on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny"); Why `elevateprivileges=allow' ? In this syntax, what happens with unmentioned abilities ? Thanks, Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |