Browse code
Block vm86 syscalls in default seccomp profile
These provide an in kernel virtual machine for x86 real mode on x86
used by one very early DOS emulator. Not required for any normal use.
Signed-off-by: Justin Cormack <justin.cormack@unikernel.com>
Justin Cormack authored on 2015/12/30 00:47:23Showing 1 changed files
| ... | ... |
@@ -316,5 +316,17 @@ var defaultSeccompProfile = &configs.Seccomp{
|
| 316 | 316 |
Action: configs.Errno, |
| 317 | 317 |
Args: []*configs.Arg{},
|
| 318 | 318 |
}, |
| 319 |
+ {
|
|
| 320 |
+ // In kernel x86 real mode virtual machine |
|
| 321 |
+ Name: "vm86", |
|
| 322 |
+ Action: configs.Errno, |
|
| 323 |
+ Args: []*configs.Arg{},
|
|
| 324 |
+ }, |
|
| 325 |
+ {
|
|
| 326 |
+ // In kernel x86 real mode virtual machine |
|
| 327 |
+ Name: "vm86old", |
|
| 328 |
+ Action: configs.Errno, |
|
| 329 |
+ Args: []*configs.Arg{},
|
|
| 330 |
+ }, |
|
| 319 | 331 |
}, |
| 320 | 332 |
} |