qemu/docs/system
Peter Maydell 4aa2e497a9 This misc series of changes:
- Improves documentation of SSH fingerprint checking
  - Fixes SHA256 fingerprints with non-blockdev usage
  - Blocks the clone3, setns, unshare & execveat syscalls
    with seccomp
  - Blocks process spawning via clone syscall, but allows
    threads, with seccomp
  - Takes over seccomp maintainer role
  - Expands firmware descriptor spec to allow flash
    without NVRAM
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmIOOBkACgkQvobrtBUQ
 T9/ruhAAr8jkAH8FN5ftx2/L7q8SHpjPupue1CJ0Nl/ykmYhTGc+SqC3R2nZWOk2
 Ws8hHVcDVT1lhrGxPtU7o+JPC1TebJTsloimJoKQY3qfdvZadJeR/4KsOUzi2ruu
 VZ6HiYvZc1c9T+NPf3QRhBo7yyascKWKWHDseUNIt/2DiefCox4QFUDDMG86HiQF
 KK30xWTvwJdcPxRlbfZbWRoqA0v4OoSDK6Ftp94FQSNBkExO85kstDq3xVaApf8H
 DE1QD7gf+dvz11wVuFhrf4d1EH032nU0p0kMxhABc4/kZXo5iWXohhzML3/MUEVT
 pe5/9pzUdWpfXQd/2r7x2PyPgySAG7lGbkgltowY52qnRPaNw9ukwkFCFAj8wiD8
 FT2ghvkYD3zLfnZ3nuuzJVjf3pXgCc5VcfXaoffT72a7gpI1LTuEqPFwo04imV4l
 21fYFx26mYTGCLH1CwVw8MQ2z/dg6uorT/NHdmRA/KrYJ1Elay2K7DV3Z5jOM5MI
 0Ll5HkfsUut+1rioUjNgmlQ+96k/G0P0hVUoTUIcgl3U/GDx2+ypcrNTfmEcaCLV
 bOhsjtrcg/KAXsCSbvnfDe3bWf0txnscyqoilEzDahLvciWG3d6qlhczLy29LGb4
 /w7iqnUcSygXc+a9/ckVo1h5fo0i9qb3W8Pw9klapvz6SGJ83g4=
 =PeCY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging

This misc series of changes:

 - Improves documentation of SSH fingerprint checking
 - Fixes SHA256 fingerprints with non-blockdev usage
 - Blocks the clone3, setns, unshare & execveat syscalls
   with seccomp
 - Blocks process spawning via clone syscall, but allows
   threads, with seccomp
 - Takes over seccomp maintainer role
 - Expands firmware descriptor spec to allow flash
   without NVRAM

# gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/misc-next-pull-request:
  docs: expand firmware descriptor to allow flash without NVRAM
  MAINTAINERS: take over seccomp from Eduardo Otubo
  seccomp: block setns, unshare and execveat syscalls
  seccomp: block use of clone3 syscall
  seccomp: fix blocking of process spawning
  seccomp: add unit test for seccomp filtering
  seccomp: allow action to be customized per syscall
  block: print the server key type and fingerprint on failure
  block: support sha256 fingerprint with pre-blockdev options
  block: better document SSH host key fingerprint checking

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-02-23 09:25:05 +00:00
..
arm hw/arm: add initial mori-bmc board 2022-02-21 13:30:21 +00:00
devices docs/can: convert to restructuredText 2022-01-20 11:47:52 +00:00
i386 docs: rstfy confidential guest documentation 2022-02-09 09:08:56 +01:00
ppc docs: rstfy confidential guest documentation 2022-02-09 09:08:56 +01:00
riscv docs/system: riscv: Update description of CPU 2022-02-16 12:25:52 +10:00
s390x docs/system/s390x/protvirt.rst: Format literals correctly 2021-08-02 11:42:38 +01:00
authz.rst docs: Drop deprecated 'props' from object-add 2021-11-22 15:02:38 +01:00
barrier.rst docs: Move user-facing barrier docs into system manual 2021-08-02 12:55:51 +01:00
bootindex.rst docs: Move bootindex.txt into system section and rstify 2021-08-02 12:55:51 +01:00
confidential-guest-support.rst docs: rstfy confidential guest documentation 2022-02-09 09:08:56 +01:00
cpu-hotplug.rst docs: Format literals correctly 2021-08-02 11:42:38 +01:00
cpu-models-mips.rst.inc docs/system: Update MIPS CPU documentation 2020-10-17 13:59:40 +02:00
cpu-models-x86-abi.csv docs: add a table showing x86-64 ABI compatibility levels 2021-06-17 14:11:06 -04:00
cpu-models-x86.rst.inc Fix some typos in documentation (found by codespell) 2021-11-22 15:02:38 +01:00
device-emulation.rst docs/can: convert to restructuredText 2022-01-20 11:47:52 +00:00
device-url-syntax.rst.inc docs: Spell QEMU all caps 2021-11-19 10:16:58 +01:00
gdb.rst Fix some typos in documentation (found by codespell) 2021-11-22 15:02:38 +01:00
generic-loader.rst docs: Move licence/copyright from HTML output to rST comments 2021-08-02 11:42:38 +01:00
guest-loader.rst docs: remove non-reference uses of single backticks 2021-11-08 12:27:23 +04:00
images.rst docs: Render binary names as monospaced text 2021-11-22 15:02:38 +01:00
index.rst docs: rstfy confidential guest documentation 2022-02-09 09:08:56 +01:00
invocation.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
keys.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
keys.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
linuxboot.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
managed-startup.rst docs/system: convert managed startup to rST. 2020-03-06 10:05:12 +00:00
monitor.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
multi-process.rst multi-process: fix usage information 2021-09-27 10:57:21 +02:00
mux-chardev.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
mux-chardev.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
pr-manager.rst docs/system/pr-manager.rst: Fix minor docs nits 2020-11-23 11:10:04 +00:00
qemu-block-drivers.rst docs/system: standardize man page sections to --- with overline 2021-09-13 13:56:26 +02:00
qemu-block-drivers.rst.inc block: better document SSH host key fingerprint checking 2022-02-16 14:34:15 +00:00
qemu-cpu-models.rst docs/system: standardize man page sections to --- with overline 2021-09-13 13:56:26 +02:00
qemu-manpage.rst docs/system: standardize man page sections to --- with overline 2021-09-13 13:56:26 +02:00
quickstart.rst docs/system: add a gentle prompt for the complexity to come 2021-03-10 12:13:59 +00:00
secrets.rst docs: document how to pass secret data to QEMU 2021-06-14 13:28:50 +01:00
security.rst docs/system: Convert security.texi to rST format 2020-03-06 10:05:12 +00:00
target-arm.rst docs: Add documentation of Arm 'imx25-pdk' board 2021-08-02 11:42:38 +01:00
target-avr.rst docs: update to show preferred boolean syntax for -chardev 2021-02-25 14:14:33 +01:00
target-i386-desc.rst.inc pcspk: update docs/system/target-i386-desc.rst.inc 2020-07-06 17:01:11 +02:00
target-i386.rst docs: rstfy confidential guest documentation 2022-02-09 09:08:56 +01:00
target-m68k.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
target-mips.rst docs/system: Update MIPS machine documentation 2021-01-04 23:36:03 +01:00
target-ppc.rst docs/system: ppc: Add documentation for ppce500 machine 2021-05-04 11:41:25 +10:00
target-riscv.rst docs/system: riscv: Add documentation for virt machine 2021-07-15 08:56:00 +10:00
target-rx.rst docs: Document the RX target 2020-06-22 18:37:12 +02:00
target-s390x.rst docs/system/s390x: Add a chapter about s390x boot devices 2020-08-27 12:37:03 +02:00
target-sparc64.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-sparc.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-xtensa.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
targets.rst docs/system: add a gentle prompt for the complexity to come 2021-03-10 12:13:59 +00:00
tls.rst docs: Render binary names as monospaced text 2021-11-22 15:02:38 +01:00
virtio-net-failover.rst docs: Move virtio-net-failover.rst into the system manual 2020-11-23 11:07:41 +00:00
vnc-security.rst docs: recommend SCRAM-SHA-256 SASL mech instead of SHA-1 variant 2021-06-14 13:28:50 +01:00