Re: [libvirt] [PATCH v0] qemu: Add sandbox support.

On 09/07/12 05:25, Daniel Veillard wrote: > > The problem is that libvirt and qemu releases are a priori not > tied, doing what you suggest would mean to try to guess the actual > qemu version used by the guest and then switch on or off, which would > somehow be at odd with the overall driver configuration. > This also raises the point of the semantic of -sandbox, the code > assumes that if it is not present then sandboxing is off, and if > it is present sandboxing is on, now what you say seems to imply that > sandboxing is on in 1.3 if not present. If right then we need to instead > do something like -sandbox=off to make sure we propagate the setting > assuming the qemu.conf explicitely states sandbox=0 > > So we are I think in a tristate configuration: > - sandbox=0 in qemu.conf > and we need to force it off if supported > - sandbox=1 in qemu.conf > and we need to force it on if supported > - commented out in qemu.conf > fallback to the qemu for that guest default > > Apparently currently -sandbox takes no arguments, any chance to > suport for -sandbox=off before 1.3 ? Because otherwise the global > settings of libvirt qemu driver will conflict with qemu default setting. > > Daniel > -sandbox does require an argument, either on or off, so that tri-state configuration is doable at the moment.

I don't think having it on by default is a good idea at this time - I had to add a few syscalls to the whitelist to get it working for me before posting the patch, but somehow I managed to break it since.

I'll look into those tests/qemuhelp*.