We have seccomp() support in QEMU and we do not have this system call in our whitelist. If an attacker was able to break into QEMU, sandboxing would stop the attempted privilege escalation.
It's a good example of why more applications should use sandboxing if they are likely attack targets.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds