-
由 Eduardo Otubo 提交于
This patch adds [,spawn=deny] argument to `-sandbox on' option. It blacklists fork and execve system calls, avoiding Qemu to spawn new threads or processes. Signed-off-by: NEduardo Otubo <otubo@redhat.com>995a226f
This patch adds [,spawn=deny] argument to `-sandbox on' option. It
blacklists fork and execve system calls, avoiding Qemu to spawn new
threads or processes.
Signed-off-by: NEduardo Otubo <otubo@redhat.com>