On Mon, Sep 03, 2012 at 02:03:39PM +0200, Ján Tomko wrote:
> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
> libseccomp on Linux kernels from 3.5-rc1. This is enabled by specifying
> -sandbox on on the qemu command line.
> This patch detects this capability by searching for -sandbox in qemu
> help output and runs qemu with -sandbox on if sandbox is set to non-zero
> in qemu.conf.
> ---
> Should this option be in qemu.conf, or would it be better to set it
> per-domain in the XML?
> ---
> src/qemu/qemu.conf | 6 ++++++
> src/qemu/qemu_capabilities.c | 3 +++
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 3 +++
> src/qemu/qemu_conf.c | 5 +++++
> src/qemu/qemu_conf.h | 1 +
> 6 files changed, 19 insertions(+), 0 deletions(-)

Hi Ján,
I think we need a follow-up patch for the test area: we need
to extend tests/qemuhelpdata/ and tests/qemuhelptest.c to detect
the new feature, and check it's processed and exposed correctly.
Thanks!
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine
http://rpmfind.net/
http://veillard.com/ | virtualization library
http://libvirt.org/
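
The detection and command-line step described in the quoted commit message, as an added example that is not libvirt's code and not part of the patch: it looks for -sandbox at the start of a help line and appends -sandbox on when the config value is non-zero. The function names and the help excerpts are constructed for illustration, and returning an error when the sandbox is requested but unsupported is this example's assumption, not something the page states about the patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed help excerpts, not verbatim QEMU output. */
static const char HELP_NEW[] =
    "-name string    set the name of the guest\n"
    "-sandbox <arg>  Enable seccomp mode 2 system call filter\n";
static const char HELP_OLD[] =
    "-name string    set the name of the guest\n"
    "-old-opt        unrelated text that mentions -sandbox\n";

/* Hypothetical helper: true only if a help line begins with the exact
 * option name, so a mention inside a description does not count. */
bool help_has_option(const char *help, const char *opt)
{
    size_t n = strlen(opt);
    for (const char *line = help; line && *line; ) {
        /* strchr also matches the terminating NUL (option ends the text) */
        if (strncmp(line, opt, n) == 0 && strchr(" \t\n", line[n]))
            return true;
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return false;
}

/* Hypothetical command builder. Returns the new argc, or -1 when the
 * config asks for the sandbox but it cannot be added (assumed policy:
 * fail rather than start the guest unconfined). */
int add_sandbox_args(const char **argv, int argc, int max, int cfg, bool cap)
{
    if (!cfg)
        return argc;               /* sandbox = 0 in the config: no change */
    if (!cap || argc + 2 > max)
        return -1;
    argv[argc++] = "-sandbox";
    argv[argc++] = "on";
    return argc;
}

int main(void)
{
    const char *argv[8] = { "qemu", "-S" };
    bool cap = help_has_option(HELP_NEW, "-sandbox");
    int n = add_sandbox_args(argv, 2, 8, 1, cap);
    for (int i = 0; i < n; i++)
        printf("%s ", argv[i]);
    return n == 4 ? 0 : 1;
}
```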