On Mon, Sep 03, 2012 at 02:03:39PM +0200, Ján Tomko wrote:
QEMU (since 1.2-rc0) supports setting up a syscall whitelist through libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying -sandbox on on qemu command line.
This patch detects this capability by searching for -sandbox in qemu help output and runs qemu with -sandbox on if sandbox is set to non-zero in qemu.conf.
--- Should this option be in qemu.conf, or would it be better to set it per-domain in the XML? --- src/qemu/qemu.conf | 6 ++++++ src/qemu/qemu_capabilities.c | 3 +++ src/qemu/qemu_capabilities.h | 1 + src/qemu/qemu_command.c | 3 +++ src/qemu/qemu_conf.c | 5 +++++ src/qemu/qemu_conf.h | 1 + 6 files changed, 19 insertions(+), 0 deletions(-)
Hi Ján, I think we need a followup patch for the test area, we need to extend tests/qemuhelpdata/ and tests/qemuhelptest.c to detect the new feature, and check it's processed and exposed correctly, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/