[libvirt] [PATCH v0] qemu: Add sandbox support.
Daniel Veillard
veillard at redhat.com
Fri Sep 7 03:23:21 UTC 2012
On Mon, Sep 03, 2012 at 02:03:39PM +0200, Ján Tomko wrote:
> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
> libseccomp on Linux kernel from 3.5-rc1. This is enabled by specifying
> -sandbox on on qemu command line.
>
> This patch detects this capability by searching for -sandbox in qemu
> help output and runs qemu with -sandbox on if sandbox is set to non-zero
> in qemu.conf.
>
> ---
> Should this option be in qemu.conf, or would it be better to set it
> per-domain in the XML?
> ---
> src/qemu/qemu.conf | 6 ++++++
> src/qemu/qemu_capabilities.c | 3 +++
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 3 +++
> src/qemu/qemu_conf.c | 5 +++++
> src/qemu/qemu_conf.h | 1 +
> 6 files changed, 19 insertions(+), 0 deletions(-)

Hi Ján,

I think we need a follow-up patch for the test area: we need
to extend tests/qemuhelpdata/ and tests/qemuhelptest.c to detect
the new feature, and check that it's processed and exposed correctly.
Thanks!

Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/