This maps to `virtiofsd -o sandbox=chroot|namespace`, which was added
in qemu 5.2.0:
https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc...
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/qemu/qemu_validate.c | 7 +++++++
src/qemu/qemu_virtiofs.c | 2 ++
2 files changed, 9 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 6043f974ce..b272ab0087 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4081,6 +4081,13 @@ qemuValidateDomainDeviceDefFS(virDomainFSDefPtr fs,
}
}
+ if (fs->fsdriver != VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS &&
+ fs->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("sandbox can only be used with driver=virtiofs"));
+ return -1;
+ }
+
switch ((virDomainFSDriverType) fs->fsdriver) {
case VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT:
case VIR_DOMAIN_FS_DRIVER_TYPE_PATH:
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 2e239cad66..988b757d6f 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -131,6 +131,8 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfigPtr cfg,
virQEMUBuildBufferEscapeComma(&opts, fs->src->path);
if (fs->cache)
virBufferAsprintf(&opts, ",cache=%s",
virDomainFSCacheModeTypeToString(fs->cache));
+ if (fs->sandbox)
+ virBufferAsprintf(&opts, ",sandbox=%s",
virDomainFSSandboxModeTypeToString(fs->sandbox));
if (fs->xattr == VIR_TRISTATE_SWITCH_ON)
virBufferAddLit(&opts, ",xattr");
--
2.30.2