This maps to `virtiofsd -o sandbox=chroot|namespace`, which was added in qemu 5.2.0: https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc01c9fff0fc7 Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx> --- src/qemu/qemu_validate.c | 7 +++++++ src/qemu/qemu_virtiofs.c | 2 ++ 2 files changed, 9 insertions(+) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 6043f974ce..b272ab0087 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4081,6 +4081,13 @@ qemuValidateDomainDeviceDefFS(virDomainFSDefPtr fs, } } + if (fs->fsdriver != VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS && + fs->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("sandbox can only be used with driver=virtiofs")); + return -1; + } + switch ((virDomainFSDriverType) fs->fsdriver) { case VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT: case VIR_DOMAIN_FS_DRIVER_TYPE_PATH: diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index 2e239cad66..988b757d6f 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -131,6 +131,8 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfigPtr cfg, virQEMUBuildBufferEscapeComma(&opts, fs->src->path); if (fs->cache) virBufferAsprintf(&opts, ",cache=%s", virDomainFSCacheModeTypeToString(fs->cache)); + if (fs->sandbox) + virBufferAsprintf(&opts, ",sandbox=%s", virDomainFSSandboxModeTypeToString(fs->sandbox)); if (fs->xattr == VIR_TRISTATE_SWITCH_ON) virBufferAddLit(&opts, ",xattr"); -- 2.30.2