Thanks.

How are the rules managed so as to fit the VM system calls?

Is tuning possible? recommended?

Regards,

2014-12-09 17:32 GMT+01:00 Michal Privoznik <mprivozn@redhat.com>:

On 09.12.2014 15:24, Raymond Durand wrote:

How is libseccomp used/enabled/configured with KVM/QEMU Hypervisor?

You need to set seccomp_sandbox=1 in /etc/libvirt/qemu.conf and restart libvirtd. From now on, any qemu/kvm guest that libvirt starts will use seccomp or fail if qemu binary doesn't support it.

Michal