qemu-e2k/block
Peter Maydell 4aa2e497a9 This misc series of changes:
 - Improves documentation of SSH fingerprint checking
 - Fixes SHA256 fingerprints with non-blockdev usage
 - Blocks the clone3, setns, unshare & execveat syscalls
   with seccomp
 - Blocks process spawning via clone syscall, but allows
   threads, with seccomp
 - Takes over seccomp maintainer role
 - Expands firmware descriptor spec to allow flash
   without NVRAM
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging

# gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange-gitlab/tags/misc-next-pull-request:
  docs: expand firmware descriptor to allow flash without NVRAM
  MAINTAINERS: take over seccomp from Eduardo Otubo
  seccomp: block setns, unshare and execveat syscalls
  seccomp: block use of clone3 syscall
  seccomp: fix blocking of process spawning
  seccomp: add unit test for seccomp filtering
  seccomp: allow action to be customized per syscall
  block: print the server key type and fingerprint on failure
  block: support sha256 fingerprint with pre-blockdev options
  block: better document SSH host key fingerprint checking

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-02-23 09:25:05 +00:00
export block/export/fuse: Fix build failure on FreeBSD 2022-02-01 13:49:15 +01:00
monitor include/sysemu/blockdev.h: remove drive_mark_claimed_by_board and inline drive_def 2022-01-14 12:03:16 +01:00
accounting.c block/accounting: Use lock guard macros 2020-12-11 17:52:39 +01:00
aio_task.c block/aio_task: assert max_busy_tasks is greater than 0 2021-10-05 18:56:41 +02:00
amend.c block/amend: Check whether the node exists 2020-07-27 12:37:25 +02:00
backup.c jobs: Give Job.force_cancel more meaning 2021-10-07 10:42:34 +02:00
blkdebug.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blklogwrites.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkreplay.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkverify.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
block-backend.c block-backend: Retain permissions after migration 2022-02-01 10:51:39 +01:00
block-copy.c block/block-copy: block_copy_state_new(): drop extra arguments 2021-09-01 14:38:08 +02:00
block-gen.h scripts: add block-coroutine-wrapper.py 2020-10-05 10:59:06 +01:00
bochs.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
cloop.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
commit.c block: drop BLK_PERM_GRAPH_MOD 2022-01-14 12:03:16 +01:00
copy-before-write.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
copy-before-write.h block/copy-before-write: bdrv_cbw_append(): drop unused compress arg 2021-09-01 14:03:47 +02:00
copy-on-read.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
copy-on-read.h copy-on-read: add filter drop function 2021-01-26 11:26:54 +01:00
coroutines.h block-backend: drop blk_prw, use block-coroutine-wrapper 2021-10-15 15:53:24 -05:00
create.c block/create: Do not abort if a block driver is not available 2019-09-13 12:18:37 +02:00
crypto.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
crypto.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
curl.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
dirty-bitmap.c iotests: Improve and rename test 291 to qemu-img-bitmap 2021-07-21 14:14:41 -05:00
dmg-bz2.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
dmg-lzfse.c block: Remove unused include 2020-11-09 15:44:21 +01:00
dmg.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
dmg.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
file-posix.c block/file-posix: Simplify the XFS_IOC_DIOINFO handling 2022-01-12 14:09:04 +01:00
file-win32.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
filter-compress.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
gluster.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
io_uring.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
io.c block/io: Update BSC only if want_zero is true 2022-01-28 16:52:40 -06:00
iscsi-opts.c modules: add block module annotations 2021-07-09 18:20:27 +02:00
iscsi.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
linux-aio.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
meson.build configure, meson: move block layer options to meson_options.txt 2022-02-21 10:35:53 +01:00
mirror.c block: drop BLK_PERM_GRAPH_MOD 2022-01-14 12:03:16 +01:00
nbd.c block/nbd: Move s->ioc on AioContext change 2022-02-11 14:06:15 +01:00
nfs.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
null.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
nvme.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
parallels-ext.c parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
parallels.c parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
parallels.h parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
preallocate.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
progress_meter.c progressmeter: protect with a mutex 2021-06-25 14:24:24 +03:00
qapi-sysemu.c block: Move system emulator QMP commands to block/qapi-sysemu.c 2020-03-06 17:15:38 +01:00
qapi.c block: use GDateTime for formatting timestamp when dumping snapshot info 2021-06-14 13:28:50 +01:00
qcow2-bitmap.c nbd patches for 2021-03-09 2021-03-11 13:57:08 +00:00
qcow2-cache.c core: replace getpagesize() with qemu_real_host_page_size 2019-10-26 15:38:06 +02:00
qcow2-cluster.c qcow2: Silence clang -m32 compiler warning 2021-10-15 15:39:38 -05:00
qcow2-refcount.c qcow2-refcount: check_refblocks(): add separate message for reserved 2021-09-15 18:42:38 +02:00
qcow2-snapshot.c block: consistently use bdrv_is_read_only() 2021-06-02 14:23:20 +02:00
qcow2-threads.c qcow2: add zstd cluster compression 2020-05-13 14:20:31 +02:00
qcow2.c qcow2: simple case support for downgrading of qcow2 images with zstd 2022-02-01 10:51:39 +01:00
qcow2.h qcow2-refcount: check_refblocks(): add separate message for reserved 2021-09-15 18:42:38 +02:00
qcow.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
qed-check.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed.c block: use int64_t instead of int in driver write_zeroes handlers 2021-09-29 13:46:32 -05:00
qed.h qed: Simplify backing reads 2020-07-06 10:34:14 +02:00
quorum.c block: use int64_t instead of int in driver write_zeroes handlers 2021-09-29 13:46:32 -05:00
raw-format.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
rbd.c block/rbd: workaround for ceph issue #53784 2022-02-01 15:16:32 +01:00
replication.c job: @force parameter for job_cancel_sync() 2021-10-07 10:42:09 +02:00
snapshot.c block/snapshot: Clarify goto fallback behavior 2021-06-24 09:49:04 +02:00
ssh.c block: print the server key type and fingerprint on failure 2022-02-16 14:34:16 +00:00
stream.c block/stream: add own blk 2021-12-28 15:18:54 +01:00
throttle-groups.c block/throttle-groups: throttle_group_co_io_limits_intercept(): 64bit bytes 2021-02-03 08:14:00 -06:00
throttle.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
trace-events block/nvme: Display CQ/SQ pointer in nvme_free_queue_pair() 2021-11-02 15:49:12 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vdi.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
vhdx-endian.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
vhdx-log.c block: consistently use bdrv_is_read_only() 2021-06-02 14:23:20 +02:00
vhdx.c block/vhdx: Support vhdx image only with 512 bytes logical sector size 2020-09-15 11:05:13 +02:00
vhdx.h block/vhdx: Use IEC binary prefixes for size constants 2019-04-30 15:29:00 +02:00
vmdk.c vmdk: allow specification of tools version 2021-11-02 12:47:51 +01:00
vpc.c block/vpc: Add a sanity check that fixed-size images have the right type 2021-11-02 12:47:51 +01:00
vvfat.c vvfat: Fix vvfat_write() for writes before the root directory 2022-01-14 12:03:16 +01:00
win32-aio.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
write-threshold.c write-threshold: deal with includes 2021-05-14 16:14:10 +02:00