mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-25 23:25:19 +00:00
4120a7dee9
Implement seccomp; we use one filter for all threads. The syscall list comes from the C daemon with syscalls added as I hit them. The default behaviour is to kill the process, this normally gets audit logged. --seccomp none disables seccomp log Just logs violations but doesn't stop it trap causes a signal to be be sent that can be trapped. If you suspect you're hitting a seccomp action then you can check the audit log; you could also switch to running with 'log' to collect a bunch of calls to report. To see where the syscalls are coming from use 'trap' with a debugger or coredump to backtrace it. This can be improved for some syscalls to restrict the parameters to some syscalls to make them more restrictive. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
17 lines
508 B
TOML
17 lines
508 B
TOML
[package]
|
|
name = "vhost_user_fs"
|
|
version = "0.1.0"
|
|
authors = ["The Cloud Hypervisor Authors"]
|
|
edition = "2018"
|
|
|
|
[dependencies]
|
|
bitflags = "1.1.0"
|
|
libc = "0.2.70"
|
|
log = "0.4.8"
|
|
# Match the version in vmm
|
|
seccomp = { git = "https://github.com/firecracker-microvm/firecracker", tag = "v0.21.1" }
|
|
tempdir= "0.3.7"
|
|
vm-memory = "0.2.0"
|
|
vm-virtio = { path = "../vm-virtio" }
|
|
vhost_rs = { git = "https://github.com/cloud-hypervisor/vhost", branch = "dragonball", package = "vhost", features = ["vhost-user-slave"] }
|