On 1/18/19 7:03 AM, Ján Tomko wrote:
On Thu, Jan 17, 2019 at 08:21:00AM -0500, John Ferlan wrote:
>
>
> On 1/15/19 8:23 AM, Ján Tomko wrote:
>> Split out parts of the config parsing code to make
>> the parent function easier to read.
>>
>> Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
>> ---
>> src/qemu/qemu_conf.c | 219 +++++++++++++++++++++++--------------------
>> 1 file changed, 117 insertions(+), 102 deletions(-)
>>
>> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
>> index 7fdfed7db1..135cb9e25d 100644
>> --- a/src/qemu/qemu_conf.c
>> +++ b/src/qemu/qemu_conf.c
>> @@ -423,6 +423,121 @@
>> virQEMUDriverConfigHugeTLBFSInit(virHugeTLBFSPtr hugetlbfs,
>> }
>>
>>
>> +static int
>> +virQEMUDriverConfigLoadSecurityEntry(virQEMUDriverConfigPtr cfg,
>> + virConfPtr conf,
>> + bool privileged)
>
> This does security, cgroups, and namespaces...
>
The division is based on src/qemu/libvirtd_qemu.aug
[...]
>> +> + if (virConfGetValueInt(conf, "seccomp_sandbox",
> &cfg->seccompSandbox) < 0)
>> + goto cleanup;
>> +
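Review bot: at the seccomp_sandbox read, a failed virConfGetValueInt() jumps to cleanup, so the int return of virQEMUDriverConfigLoadSecurityEntry() is the only way that failure reaches the parent function, and the call site must test it (something like "if (virQEMUDriverConfigLoadSecurityEntry(cfg, conf, privileged) < 0) goto cleanup;"). Otherwise an unparsable seccomp_sandbox value would be dropped silently and the previous value of cfg->seccompSandbox kept. The call site is not among the lines quoted here, so please confirm it. A short comment above the static helper stating its return convention, and that the grouping of settings follows src/qemu/libvirtd_qemu.aug, would also settle the naming question raised in this thread.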
>
> And again, not security related.
>
How is seccomp not security related?
Jano

Bad cut/snip by me - I meant after seccomp, as in the namespace stuff.
John