4aa2e497a9
- Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmIOOBkACgkQvobrtBUQ T9/ruhAAr8jkAH8FN5ftx2/L7q8SHpjPupue1CJ0Nl/ykmYhTGc+SqC3R2nZWOk2 Ws8hHVcDVT1lhrGxPtU7o+JPC1TebJTsloimJoKQY3qfdvZadJeR/4KsOUzi2ruu VZ6HiYvZc1c9T+NPf3QRhBo7yyascKWKWHDseUNIt/2DiefCox4QFUDDMG86HiQF KK30xWTvwJdcPxRlbfZbWRoqA0v4OoSDK6Ftp94FQSNBkExO85kstDq3xVaApf8H DE1QD7gf+dvz11wVuFhrf4d1EH032nU0p0kMxhABc4/kZXo5iWXohhzML3/MUEVT pe5/9pzUdWpfXQd/2r7x2PyPgySAG7lGbkgltowY52qnRPaNw9ukwkFCFAj8wiD8 FT2ghvkYD3zLfnZ3nuuzJVjf3pXgCc5VcfXaoffT72a7gpI1LTuEqPFwo04imV4l 21fYFx26mYTGCLH1CwVw8MQ2z/dg6uorT/NHdmRA/KrYJ1Elay2K7DV3Z5jOM5MI 0Ll5HkfsUut+1rioUjNgmlQ+96k/G0P0hVUoTUIcgl3U/GDx2+ypcrNTfmEcaCLV bOhsjtrcg/KAXsCSbvnfDe3bWf0txnscyqoilEzDahLvciWG3d6qlhczLy29LGb4 /w7iqnUcSygXc+a9/ckVo1h5fo0i9qb3W8Pw9klapvz6SGJ83g4= =PeCY -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging This misc series of changes: - Improves documentation of SSH fingerprint checking - Fixes SHA256 fingerprints with non-blockdev usage - Blocks the clone3, setns, unshare & execveat syscalls with seccomp - Blocks process spawning via clone syscall, but allows threads, with seccomp - Takes over seccomp maintainer role - Expands firmware descriptor spec to allow flash without NVRAM # gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/misc-next-pull-request: docs: expand firmware descriptor to allow flash without NVRAM MAINTAINERS: take over seccomp from Eduardo Otubo seccomp: block setns, unshare and execveat syscalls seccomp: block use of clone3 syscall seccomp: fix blocking of process spawning seccomp: add unit test for seccomp filtering seccomp: allow action to be customized per syscall block: print the server key type and fingerprint on failure block: support sha256 fingerprint with pre-blockdev options block: better document SSH host key fingerprint checking Signed-off-by: Peter Maydell <peter.maydell@linaro.org> |
||
---|---|---|
.. | ||
arm | ||
devices | ||
i386 | ||
ppc | ||
riscv | ||
s390x | ||
authz.rst | ||
barrier.rst | ||
bootindex.rst | ||
confidential-guest-support.rst | ||
cpu-hotplug.rst | ||
cpu-models-mips.rst.inc | ||
cpu-models-x86-abi.csv | ||
cpu-models-x86.rst.inc | ||
device-emulation.rst | ||
device-url-syntax.rst.inc | ||
gdb.rst | ||
generic-loader.rst | ||
guest-loader.rst | ||
images.rst | ||
index.rst | ||
invocation.rst | ||
keys.rst | ||
keys.rst.inc | ||
linuxboot.rst | ||
managed-startup.rst | ||
monitor.rst | ||
multi-process.rst | ||
mux-chardev.rst | ||
mux-chardev.rst.inc | ||
pr-manager.rst | ||
qemu-block-drivers.rst | ||
qemu-block-drivers.rst.inc | ||
qemu-cpu-models.rst | ||
qemu-manpage.rst | ||
quickstart.rst | ||
secrets.rst | ||
security.rst | ||
target-arm.rst | ||
target-avr.rst | ||
target-i386-desc.rst.inc | ||
target-i386.rst | ||
target-m68k.rst | ||
target-mips.rst | ||
target-ppc.rst | ||
target-riscv.rst | ||
target-rx.rst | ||
target-s390x.rst | ||
target-sparc64.rst | ||
target-sparc.rst | ||
target-xtensa.rst | ||
targets.rst | ||
tls.rst | ||
virtio-net-failover.rst | ||
vnc-security.rst |