| Message ID | 20180822154030.14911-1-otubo@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/22/2018 10:40 AM, Eduardo Otubo wrote: > The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: > > Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 15:57:56 +0100) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 > > for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: > > seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) > > ---------------------------------------------------------------- > pull-seccomp-20180822 > > ---------------------------------------------------------------- > Marc-André Lureau (3): > seccomp: use SIGSYS signal instead of killing the thread > seccomp: prefer SCMP_ACT_KILL_PROCESS if available > seccomp: set the seccomp filter to all threads Let's hold off on this pull request until the technical debate on 3/3 has settled (namely, there's no point in letting the process continue if tsync fails on older OS, because it is NOT providing the security that it claims).
Please don't merge this PULL request - the behaviour of the 3rd patch is still being debated. On Wed, Aug 22, 2018 at 05:40:27PM +0200, Eduardo Otubo wrote: > The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: > > Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 15:57:56 +0100) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 > > for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: > > seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) > > ---------------------------------------------------------------- > pull-seccomp-20180822 > > ---------------------------------------------------------------- > Marc-André Lureau (3): > seccomp: use SIGSYS signal instead of killing the thread > seccomp: prefer SCMP_ACT_KILL_PROCESS if available > seccomp: set the seccomp filter to all threads > > qemu-options.hx | 2 ++ > qemu-seccomp.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- > 2 files changed, 95 insertions(+), 3 deletions(-) > > -- > 2.17.1 > > Regards, Daniel
The following changes since commit 13b7b188501d419a7d63c016e00065bcc693b7d4: Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180821-pull-request' into staging (2018-08-21 15:57:56 +0100) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20180822 for you to fetch changes up to 2131f3e6e98195b4ce43a87c78cd9d8cb9f4da2c: seccomp: set the seccomp filter to all threads (2018-08-22 17:35:34 +0200) ---------------------------------------------------------------- pull-seccomp-20180822 ---------------------------------------------------------------- Marc-André Lureau (3): seccomp: use SIGSYS signal instead of killing the thread seccomp: prefer SCMP_ACT_KILL_PROCESS if available seccomp: set the seccomp filter to all threads qemu-options.hx | 2 ++ qemu-seccomp.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 95 insertions(+), 3 deletions(-)