This repository was archived by the owner on May 12, 2021. It is now read-only.

qemu seccomp support #327

Description

@bergwolf

QEMU enforces a seccomp-bpf syscall blacklist when started with the `-sandbox on` option. We may want to enable it to get an extra layer of protection with fewer attack interfaces. It comes with some performance cost, and we can enable `/proc/sys/net/core/bpf_jit_enable` to reduce the impact.
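
One way to verify on a host that the sandbox described in the issue is actually in effect, as an added example that is not part of the original issue or the project's code: it reads the `Seccomp:` field of a QEMU process's `/proc/<pid>/status` and the `bpf_jit_enable` sysctl. The function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example. Files are passed as parameters so the checks also run on samples.

# seccomp_mode STATUS_FILE: prints disabled|strict|filter|unknown from the
# "Seccomp:" field of a /proc/<pid>/status file (0, 1, 2 respectively).
seccomp_mode() {
    mode=$(awk '/^Seccomp:/ {print $2; exit}' "$1" 2>/dev/null) || mode=
    case "$mode" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# bpf_jit_state SYSCTL_FILE: prints off|on|debug|unknown for the value in
# /proc/sys/net/core/bpf_jit_enable (0, 1, 2 respectively).
bpf_jit_state() {
    val=$(cat "$1" 2>/dev/null) || val=
    case "$val" in
        0) echo off ;;
        1) echo on ;;
        2) echo debug ;;
        *) echo unknown ;;
    esac
}

# audit_qemu STATUS_FILE SYSCTL_FILE: returns 0 only when the process runs
# under a seccomp filter; the JIT state is reported but never fails the audit.
audit_qemu() {
    m=$(seccomp_mode "$1"); j=$(bpf_jit_state "$2"); rc=0
    if [ "$m" = filter ]; then
        echo "OK: seccomp filter mode active"
    else
        echo "FAIL: seccomp mode is $m; was QEMU started with -sandbox on?"; rc=1
    fi
    case "$j" in
        on)    echo "OK: BPF JIT enabled" ;;
        debug) echo "WARN: bpf_jit_enable=2 also emits debug output; use 1" ;;
        *)     echo "WARN: BPF JIT is $j; the filter is interpreted per syscall" ;;
    esac
    return "$rc"
}

# Constructed sample: a status excerpt of an unsandboxed process, JIT off.
tmp=$(mktemp -d)
printf 'Name:\tqemu-system-x86\nSeccomp:\t0\n' > "$tmp/status"
echo 0 > "$tmp/jit"
audit_qemu "$tmp/status" "$tmp/jit" || true
rm -rf "$tmp"
```

On a live host, call `audit_qemu /proc/<pid>/status /proc/sys/net/core/bpf_jit_enable` with the PID of the QEMU process.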

Labels: enhancement (Improvement to an existing feature), security (Potential or actual security issue)
