On Mon, Sep 03, 2012 at 02:03:39PM +0200, Ján Tomko wrote: > QEMU (since 1.2-rc0) supports setting up a syscall whitelist through > libseccomp on linux kernel from 3.5-rc1. This is enabled by specifying > -sandbox on on qemu command line. > > This patch detects this capability by searching for -sandbox in qemu > help output and runs qemu with -sandbox on if sandbox is set to non-zero > in qemu.conf. > > --- > Should this option be in qemu.conf, or would it be better to set it > per-domain in the XML? > --- > src/qemu/qemu.conf | 6 ++++++ > src/qemu/qemu_capabilities.c | 3 +++ > src/qemu/qemu_capabilities.h | 1 + > src/qemu/qemu_command.c | 3 +++ > src/qemu/qemu_conf.c | 5 +++++ > src/qemu/qemu_conf.h | 1 + > 6 files changed, 19 insertions(+), 0 deletions(-) Hi Ján, I think we need a followup patch for the test area, we need to extend tests/qemuhelpdata/ and tests/qemuhelptest.c to detect the new feature, and check it's processed and exposed correctly, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list