[libvirt PATCH 2/5] qemu: conf: simplify seccomp_sandbox comment

Ján Tomko jtomko at redhat.com
Fri Sep 24 14:28:44 UTC 2021


It contains too many negations and conditions that are
no longer relevant now that we only support QEMU >= 2.11.

Signed-off-by: Ján Tomko <jtomko at redhat.com>
---
 src/qemu/qemu.conf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8722dc169c..71fd125699 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -769,13 +769,12 @@
 
 
 
-# Use seccomp syscall sandbox in QEMU.
-# 1 == seccomp enabled, 0 == seccomp disabled
+# Use seccomp syscall filtering sandbox in QEMU.
+# 1 == filter enabled, 0 == filter disabled
 #
-# If it is unset (or -1), then seccomp will be enabled
-# only if QEMU >= 2.11.0 is detected, otherwise it is
-# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# Unless this option is disabled, QEMU will be run with
+# a seccomp filter that stops it from executing certain
+# syscalls.
 #
 #seccomp_sandbox = 1
 
-- 
2.31.1




More information about the libvir-list mailing list