On 09/03/2012 03:07 PM, Doug Goldstein wrote:
> On Mon, Sep 3, 2012 at 7:03 AM, Ján Tomko <jtomko(a)redhat.com> wrote:
> > QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
> > libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying
> > -sandbox on on qemu command line.
> <snip>
> There's a big push to not rely on -help scraping, please work with
> qemu upstream to get this exposed through the QMP and query for the
> capability that way.

We already agreed upstream that 1.2 and older can use -help scraping,
and that 1.3 and newer will assume that all features present in 1.2 are
still present, and that QMP queries will supply the rest. Therefore,
I'm okay with -help scraping for 1.2, and just blindly assuming that
-sandbox exists if we detected version 1.3 through a QMP query.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org