On 09/03/2012 03:07 PM, Doug Goldstein wrote: > On Mon, Sep 3, 2012 at 7:03 AM, Ján Tomko <jtomko@xxxxxxxxxx> wrote: >> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through >> libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying >> -sandbox on on qemu command line. > > <snip> > > There's a big push to not rely on -help scraping, please work with > qemu upstream to get this exposed through the QMP and query for the > capability that way. We already agreed upstream that 1.2 and older can use -help scraping, and that 1.3 and newer will assume that all features present in 1.2 are still present, and that QMP queries will supply the rest. Therefore, I'm okay with -help scraping for 1.2, and just blindly assuming that -sandbox exists if we detected version 1.3 through a QMP query. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list