It contains too many negations and conditions that are no longer relevant now that we only support QEMU >= 2.11. Signed-off-by: Ján Tomko <jtomko@xxxxxxxxxx> --- src/qemu/qemu.conf | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 8722dc169c..71fd125699 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -769,13 +769,12 @@ -# Use seccomp syscall sandbox in QEMU. -# 1 == seccomp enabled, 0 == seccomp disabled +# Use seccomp syscall filtering sandbox in QEMU. +# 1 == filter enabled, 0 == filter disabled # -# If it is unset (or -1), then seccomp will be enabled -# only if QEMU >= 2.11.0 is detected, otherwise it is -# left disabled. This ensures the default config gets -# protection for new QEMU using the blacklist approach. +# Unless this option is disabled, QEMU will be run with +# a seccomp filter that stops it from executing certain +# syscalls. # #seccomp_sandbox = 1 -- 2.31.1
