From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:41417)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SlKA6-0008Ez-Op
	for qemu-devel@nongnu.org; Sun, 01 Jul 2012 09:26:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SlKA5-0000hW-4G
	for qemu-devel@nongnu.org; Sun, 01 Jul 2012 09:26:02 -0400
Received: from mail-wg0-f53.google.com ([74.125.82.53]:41036)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1SlKA4-0000hH-Ra
	for qemu-devel@nongnu.org; Sun, 01 Jul 2012 09:26:01 -0400
Received: by wgbfm10 with SMTP id fm10so4054920wgb.10
	for <qemu-devel@nongnu.org>; Sun, 01 Jul 2012 06:25:58 -0700 (PDT)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <4FF04FE3.20905@redhat.com>
Date: Sun, 01 Jul 2012 15:25:55 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <cover.1339614945.git.otubo@linux.vnet.ibm.com>
	<f2fa29790fb19e6596e1cda0d441e0f45730b533.1339614945.git.otubo@linux.vnet.ibm.com>
	<CAAu8pHviHrjprgpRipE22JpgsSVAWXR_DC0WvCHfB=2z=1S8Ag@mail.gmail.com>
	<20120613203305.GC6019@redhat.com>
	<CAAu8pHuZgMXUPsaLGrk7sbUWi=2BJJc_-xkrL+wQnZvd9XVjZA@mail.gmail.com>
	<20120618083335.GD28026@redhat.com>
	<4FDF479B.9060502@linux.vnet.ibm.com>
	<CAAu8pHsKM4RR7EhrDCC6mCeJMG2b2X15FgBCDZHVjiq04o03rA@mail.gmail.com>
	<4FDFA36E.4010802@linux.vnet.ibm.com>
In-Reply-To: <4FDFA36E.4010802@linux.vnet.ibm.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [RFC] [PATCHv2 2/2] Adding basic calls to
	libseccomp in vl.c
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Corey Bryant <coreyb@linux.vnet.ibm.com>
Cc: Blue Swirl <blauwirbel@gmail.com>, Paul Moore <pmoore@redhat.com>, qemu-devel@nongnu.org, Eduardo Otubo <otubo@linux.vnet.ibm.com>

Il 18/06/2012 23:53, Corey Bryant ha scritto:
>>
>> Can each thread have separate seccomp whitelists? For example CPU
>> threads should not need pretty much anything but the I/O thread needs
>> I/O.
>>
> 
> No, seccomp filters are defined and enforced at the process level.

Perhaps we can add (at the kernel level) a way for seccomp filters to
examine the current tid.

Paolo