seccomp: changing from whitelist to blacklist

This patch changes the default behavior of the seccomp filter from whitelist to blacklist. By default now all system calls are allowed and a small black list of definitely forbidden ones was created. Signed-off-by: Eduardo Otubo <otubo@redhat.com>
author: Eduardo Otubo <otubo@redhat.com> 2017-02-28 21:13:12 +0100
committer: Eduardo Otubo <otubo@redhat.com> 2017-09-15 10:13:35 +0200
commit: 1bd6152ae23549032ef4aca0d3d350512f012f05 (patch)
tree: f3f5a4509e206f1e529953b48232b50e5099f8e8 /include
parent: 3dabde1128b671f36ac6cb36b97b273139964420 (diff)
download: qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.zip
qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.tar.gz
qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/sysemu/seccomp.h b/include/sysemu/seccomp.h
index cfc0600..23b9c3c 100644
--- a/include/sysemu/seccomp.h
+++ b/include/sysemu/seccomp.h
@@ -15,6 +15,8 @@
 #ifndef QEMU_SECCOMP_H
 #define QEMU_SECCOMP_H
 
+#define QEMU_SECCOMP_SET_DEFAULT     (1 << 0)
+
 #include <seccomp.h>
 
 int seccomp_start(void);
author	Eduardo Otubo <otubo@redhat.com>	2017-02-28 21:13:12 +0100
committer	Eduardo Otubo <otubo@redhat.com>	2017-09-15 10:13:35 +0200
commit	1bd6152ae23549032ef4aca0d3d350512f012f05 (patch)
tree	f3f5a4509e206f1e529953b48232b50e5099f8e8 /include
parent	3dabde1128b671f36ac6cb36b97b273139964420 (diff)
download	qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.zip qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.tar.gz qemu-1bd6152ae23549032ef4aca0d3d350512f012f05.tar.bz2