Re: [libvirt] [PATCHv2 3/4] qemu: add -sandbox to command line if requested
On 09/14/12 17:14, Corey Bryant wrote:
On 09/12/2012 04:03 AM, Ján Tomko wrote:
> + if (qemuCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
> + if (driver->seccompSandbox == 0)
> + virCommandAddArgList(cmd, "-sandbox", "off", NULL);
> + else if (driver->seccompSandbox > 0)
> + virCommandAddArgList(cmd, "-sandbox", "on", NULL);
> + } else if (driver->seccompSandbox > 0) {
Should this be (driver->seccompSandbox >= 0) ?
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("QEMU does not support seccomp sandboxes"));
> + goto error;
> + }
> +
I don't think so. If QEMU doesn't support -sandbox, it's like it was
off, which is what the user requested by setting it to 0.
Jan