[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v0] qemu: Add sandbox support.

On 09/03/2012 03:07 PM, Doug Goldstein wrote:
> On Mon, Sep 3, 2012 at 7:03 AM, Ján Tomko <jtomko redhat com> wrote:
>> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
>> libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying
>> -sandbox on on qemu command line.
> <snip>
> There's a big push to not rely on -help scraping, please work with
> qemu upstream to get this exposed through the QMP and query for the
> capability that way.

We already agreed upstream that 1.2 and older can use -help scraping,
and that 1.3 and newer will assume that all features present in 1.2 are
still present, and that QMP queries will supply the rest.  Therefore,
I'm okay with -help scraping for 1.2, and just blindly assuming that
-sandbox exists if we detected version 1.3 through a QMP query.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]