From 1bd6152ae23549032ef4aca0d3d350512f012f05 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo
Date: Tue, 28 Feb 2017 21:13:12 +0100
Subject: seccomp: changing from whitelist to blacklist

This patch changes the default behavior of the seccomp filter from whitelist to blacklist. By default now all system calls are allowed and a small black list of definitely forbidden ones was created.

Signed-off-by: Eduardo Otubo
---
 vl.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'vl.c')

diff --git a/vl.c b/vl.c
index fb1f05b937..76e0b3a946 100644
--- a/vl.c
+++ b/vl.c
@@ -1032,7 +1032,6 @@ static int bt_parse(const char *opt)
 
 static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
 {
- /* FIXME: change this to true for 1.3 */
 if (qemu_opt_get_bool(opts, "enable", false)) {
 #ifdef CONFIG_SECCOMP
 if (seccomp_start() < 0) {
-- 
cgit v1.2.3