-
Peter Maydell authoredThis misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM # gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-next-pull-request: docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS: take over seccomp from Eduardo Otubo seccomp: block setns, unshare and execveat syscalls seccomp: block use of clone3 syscall seccomp: fix blocking of process spawning seccomp: add unit test for seccomp filtering seccomp: allow action to be customized per syscall block: print the server key type and fingerprint on failure block: support sha256 fingerprint with pre-blockdev options block: better document SSH host key fingerprint checking Signed-off-by:
Peter Maydell <peter.maydell@linaro.org>Peter Maydell authoredThis misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM # gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-next-pull-request: docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS: take over seccomp from Eduardo Otubo seccomp: block setns, unshare and execveat syscalls seccomp: block use of clone3 syscall seccomp: fix blocking of process spawning seccomp: add unit test for seccomp filtering seccomp: allow action to be customized per syscall block: print the server key type and fingerprint on failure block: support sha256 fingerprint with pre-blockdev options block: better document SSH host key fingerprint checking Signed-off-by:Peter Maydell <peter.maydell@linaro.org>
Loading