<div dir="ltr"><div><div>Thanks.<br><br></div>How are the rules managed so as to fit the VM system calls?<br></div><div>Is tuning possible? recommended?<br><br></div><div>Regards,</div><div class="gmail_extra"><br><div class="gmail_quote">2014-12-09 17:32 GMT+01:00 Michal Privoznik <span dir="ltr"><<a href="mailto:mprivozn@redhat.com" target="_blank">mprivozn@redhat.com</a>></span>:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 09.12.2014 15:24, Raymond Durand wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
How is libseccomp used/enabled/configured with KVM/QEMU Hypervisor?<br>
</blockquote>
<br></span>
You need to set  seccomp_sandbox=1 in /etc/libvirt/qemu.conf and restart libvirtd. From now on, any qemu/kvm guest that libvirt starts will use seccomp or fail if qemu binary doesn't support it.<span class="HOEnZb"><font color="#888888"><br>
<br>
Michal<br>
</font></span></blockquote></div></div></div>