Re: [PATCH v0] qemu: Add sandbox support.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Sep 03, 2012 at 02:03:39PM +0200, Ján Tomko wrote:
> QEMU (since 1.2-rc0) supports setting up a syscall whitelist through
> libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying
> -sandbox on on qemu command line.
> 
> This patch detects this capability by searching for -sandbox in qemu
> help output and runs qemu with -sandbox on if sandbox is set to non-zero
> in qemu.conf.
> 
> ---
> Should this option be in qemu.conf, or would it be better to set it
> per-domain in the XML?
> ---
>  src/qemu/qemu.conf           |    6 ++++++
>  src/qemu/qemu_capabilities.c |    3 +++
>  src/qemu/qemu_capabilities.h |    1 +
>  src/qemu/qemu_command.c      |    3 +++
>  src/qemu/qemu_conf.c         |    5 +++++
>  src/qemu/qemu_conf.h         |    1 +
>  6 files changed, 19 insertions(+), 0 deletions(-)

  Hi Ján,

I think we need a followup patch for the test area, we need
to extend tests/qemuhelpdata/ and tests/qemuhelptest.c to detect
the new feature, and check it's processed and exposed correctly,

 thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]