Re: [PATCH] set default seccompSandbox as 0 for qemu

On Fri, May 18, 2018 at 07:37:33PM +0800, zhenwei pi wrote:
> start qemu fail : qemu-system-x86_64: -sandbox on,obsolete=deny,
>     elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
>     seccomp support is disabled
> libvirt version : 4.3
> qemu version : 2.12
> reproducer : recompile qemu with ./configure --disable-seccomp, or
>     remove libseccomp package.
> 
> with default seccompSandbox -1, libvirt tries to get config from qemu
> cmdline. if qemu disables seccomp (or misses seccomp package), qemu
> still reports sandbox help message. libvirt is mistaken about qemu's
> real capability.
> 
> set default seccompSandbox as 0 in code, and still get user conf
> from qemu.conf. if user wants to enable seccomp, he should check
> qemu firstly, then use the right qemu.conf.

This means that everyone who has a sensibly built QEMU will not have
seccomp enabled out of the box.

IMHO if someone has chosen to turn off seccomp when building QEMU
they can just set this qemu.conf parameter to zero themselves.


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


