Commit 1bd6152a authored by Eduardo Otubo's avatar Eduardo Otubo

seccomp: changing from whitelist to blacklist

This patch changes the default behavior of the seccomp filter from
whitelist to blacklist. By default now all system calls are allowed and
a small black list of definitely forbidden ones was created.
Signed-off-by: 's avatarEduardo Otubo <>
parent 3dabde11
......@@ -15,6 +15,8 @@
#include <seccomp.h>
int seccomp_start(void);
This diff is collapsed.
......@@ -1032,7 +1032,6 @@ static int bt_parse(const char *opt)
static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
/* FIXME: change this to true for 1.3 */
if (qemu_opt_get_bool(opts, "enable", false)) {
if (seccomp_start() < 0) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment