From: Pekka Enberg
To: Ingo Molnar
Cc: James Morris, Linus Torvalds, Kees Cook, Thomas Gleixner, Peter Zijlstra, Will Drewry, Steven Rostedt, linux-kernel@vger.kernel.org, Avi Kivity, gnatapov@redhat.com, Chris Wright, Pekka Enberg, Sasha Levin
Subject: Re: [PATCH 3/5] v2 seccomp_filters: Enable ftrace-based system call filtering
Date: Thu, 26 May 2011 11:35:11 +0300
In-Reply-To: <20110526082451.GB26775@elte.hu>

Hi Ingo,

On Thu, May 26, 2011 at 11:24 AM, Ingo Molnar wrote:
> Unlike Qemu tools/kvm/ has a design that is very fit for MAC
> concepts: it uses separate helper threads for separate resources
> (this could in many cases even be changed to be separate processes
> which only share access to the guest RAM image) - while Qemu is in
> most parts a state machine, so in tools/kvm/ we can realistically
> have a good object manager and keep an exploit in a networking
> interface driver from being able to access disk driver state.

I haven't really followed this particular discussion nor do I know if
Qemu is a good or bad fit but sure, for tools/kvm Chrome-style sandboxing
makes tons of sense and would be a pretty good fit for how our device
model works now.

Pekka