diff options
Diffstat (limited to 'qemu-seccomp.c')
| -rw-r--r-- | qemu-seccomp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 978d66bd28..f3878a5e29 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -78,6 +78,10 @@ static const struct QemuSeccompSyscall blacklist[] = { { SCMP_SYS(setresgid), QEMU_SECCOMP_SET_PRIVILEGED }, { SCMP_SYS(setfsuid), QEMU_SECCOMP_SET_PRIVILEGED }, { SCMP_SYS(setfsgid), QEMU_SECCOMP_SET_PRIVILEGED }, + /* spawn */ + { SCMP_SYS(fork), QEMU_SECCOMP_SET_SPAWN }, + { SCMP_SYS(vfork), QEMU_SECCOMP_SET_SPAWN }, + { SCMP_SYS(execve), QEMU_SECCOMP_SET_SPAWN }, }; |