[libvirt] [PATCH v0] qemu: Add sandbox support.

Eric Blake eblake at redhat.com
Tue Sep 4 11:46:57 UTC 2012


On 09/03/2012 03:07 PM, Doug Goldstein wrote:
> On Mon, Sep 3, 2012 at 7:03 AM, Ján Tomko <jtomko at redhat.com> wrote:
>> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
>> libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying
>> -sandbox on on qemu command line.
> 
> <snip>
> 
> There's a big push to not rely on -help scraping, please work with
> qemu upstream to get this exposed through the QMP and query for the
> capability that way.

We already agreed upstream that 1.2 and older can use -help scraping,
and that 1.3 and newer will assume that all features present in 1.2 are
still present, and that QMP queries will supply the rest.  Therefore,
I'm okay with -help scraping for 1.2, and just blindly assuming that
-sandbox exists if we detected version 1.3 through a QMP query.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
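
The detection policy described in this message, as an added sketch that is not part of the original message and is not libvirt's own code. The names `ver`, `help_has_option` and `sandbox_supported` and both help excerpts are hypothetical and constructed for illustration. The option is matched only at the start of a help line, so a mention inside another option's description does not count as support.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed -help excerpts (not captured from a real qemu binary). */
static const char HELP_1_2[] =
    "-name string    set the name of the guest\n"
    "-sandbox <arg>  Enable seccomp mode 2 system call filter (default 'off').\n";
static const char HELP_OLD[] =
    "-name string    set the name of the guest\n"
    "-foo            constructed line mentioning -sandbox mid-text\n";

/* Hypothetical encoding of a major.minor version as one comparable number. */
static unsigned ver(unsigned major, unsigned minor) { return major * 1000 + minor; }

/* True only if some line of `help` begins with `opt` as a whole word. */
static bool help_has_option(const char *help, const char *opt)
{
    size_t n = strlen(opt);
    const char *line = help;

    while (line && *line) {
        if (strncmp(line, opt, n) == 0 &&
            (line[n] == ' ' || line[n] == '\n' || line[n] == '\0'))
            return true;
        line = strchr(line, '\n');      /* advance to the next line, if any */
        if (line)
            line++;
    }
    return false;
}

/* version: detected QEMU version; help: -help text, or NULL if unavailable. */
bool sandbox_supported(unsigned version, const char *help)
{
    if (version >= ver(1, 3))
        return true;    /* 1.3+: every feature present in 1.2 is assumed */
    /* 1.2 and older: trust only what -help advertises; no text, no flag. */
    return help != NULL && help_has_option(help, "-sandbox");
}

int main(void)
{
    printf("1.3 via QMP: %d\n", sandbox_supported(ver(1, 3), NULL));
    printf("1.2 + help : %d\n", sandbox_supported(ver(1, 2), HELP_1_2));
    printf("old + help : %d\n", sandbox_supported(ver(1, 1), HELP_OLD));
    return 0;
}
```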
