Re: [PATCH v0] qemu: Add sandbox support.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/03/2012 03:07 PM, Doug Goldstein wrote:
> On Mon, Sep 3, 2012 at 7:03 AM, Ján Tomko <jtomko@xxxxxxxxxx> wrote:
>> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
>> libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying
>> -sandbox on on qemu command line.
> 
> <snip>
> 
> There's a big push to not rely on -help scraping, please work with
> qemu upstream to get this exposed through the QMP and query for the
> capability that way.

We already agreed upstream that 1.2 and older can use -help scraping,
and that 1.3 and newer will assume that all features present in 1.2 are
still present, and that QMP queries will supply the rest.  Therefore,
I'm okay with -help scraping for 1.2, and just blindly assuming that
-sandbox exists if we detected version 1.3 through a QMP query.

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]