From Fedora Project Wiki

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Description

Run your VMs using seccomp filter for improved security against qemu exploits. For more details, please see:

http://fedoraproject.org/wiki/Features/Syscall_Filters

Setup

Nothing beyond the initial test day setup (basically a function F18 VM).

Stop (medium size).png
This is all currently broken
QEMU guests fail at startup using libvirt + seccomp: [bz 855192]

How to test

  1. Verify a VM starts up fine, to start.
  2. Stop all VMs
  3. Edit /etc/libvirt/qemu.conf, change seccomp_sandbox = 1
  4. Restart libvirtd
  5. Start a VM, connect to the graphical console with virt-manager
  6. Verify that the VM seems to be behaving as usual.

Expected Results

No obvious errors occur, guests seem to function like normal after all the steps.

Retrieved from "https://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Seccomp_Sandboxing&oldid=309127"