by yencabulator
860 days ago
For anyone else wanting to check on the status of this: it seems they're looking at a combination of seccomp, landlock and a systemd service instance per VM, with systemd doing DynamicUser, namespacing, and initial seccomp. Work seems to be happening right now, but of course it's telling and sad that it wasn't part of the original design. https://github.com/cloud-hypervisor/cloud-hypervisor/issues/...