| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2020-01-23 | virtiofsd: add seccomp whitelist | Stefan Hajnoczi | 1 | -1/+4 | |
| Only allow system calls that are needed by virtiofsd. All other system calls cause SIGSYS to be directed at the thread and the process will coredump. Restricting system calls reduces the kernel attack surface and limits what the process can do when compromised. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> with additional entries by: Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com> Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com> Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: piaojun <piaojun@huawei.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Eric Ren <renzhen@linux.alibaba.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | |||||
| 2020-01-23 | virtiofsd: Add Makefile wiring for virtiofsd contrib | Dr. David Alan Gilbert | 1 | -0/+9 | |
| Wire up the building of the virtiofsd in tools. virtiofsd relies on Linux-specific system calls and seccomp. Anyone wishing to port it to other host operating systems should do so carefully and without reducing security. Only allow building on Linux hosts. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | |||||
 |
index : riscv-gnu-toolchain/qemu.git | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| aboutsummaryrefslogtreecommitdiff |