Hardening Hypervisors Against VENOM-Style Attacks (Xen Project Blog)
Hardening Hypervisors Against VENOM-Style Attacks (Xen Project Blog)
Posted May 16, 2015 1:18 UTC (Sat) by josh (subscriber, #17465)Parent article: Hardening Hypervisors Against VENOM-Style Attacks (Xen Project Blog)
qemu also already supports putting itself into a seccomp sandbox.
Posted May 17, 2015 0:25 UTC (Sun)
by justincormack (subscriber, #70439)
[Link]
Hardening Hypervisors Against VENOM-Style Attacks (Xen Project Blog)
Although the seccomp filter has a whitelist of over 200 syscalls, so its only a small improvement.