Re: [PATCH v0] qemu: Add sandbox support.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Sep 07, 2012 at 01:29:25PM +0200, Ján Tomko wrote:
> On 09/07/12 05:25, Daniel Veillard wrote:
> > 
> >   The problem is that libvirt and qemu releases are a priori not
> > tied, doing what you suggest would mean to try to guess the actual
> > qemu version used by the guest and then switch on or off, which would
> > somehow be at odd with the overall driver configuration.
> >   This also raises the point of the semantic of -sandbox, the code
> > assumes that if it is not present then sandboxing is off, and if
> > it is present sandboxing is on, now what you say seems to imply that
> > sandboxing is on in 1.3 if not present. If right then we need to instead
> > do something like -sandbox=off to make sure we propagate the setting
> > assuming the qemu.conf explicitely states sandbox=0
> > 
> >   So we are I think in a tristate configuration:
> >    - sandbox=0 in qemu.conf
> >      and we need to force it off if supported
> >    - sandbox=1 in qemu.conf
> >      and we need to force it on if supported
> >    - commented out in qemu.conf
> >      fallback to the qemu for that guest default
> > 
> > Apparently currently -sandbox takes no arguments, any chance to
> > suport for -sandbox=off before 1.3 ? Because otherwise the global
> > settings of libvirt qemu driver will conflict with qemu default setting.
> > 
> > Daniel
> > 
> -sandbox does require an argument, either on or off, so that tri-state
> configuration is doable at the moment.

  Ah, excellent !

> I don't think having it on by default is a good idea at this time - I
> had to add a few syscalls to the whitelist to get it working for me
> before posting the patch, but somehow I managed to break it since.

  We can try to keep commented out then, but we won't get much testing
  then ...

> I'll look into those tests/qemuhelp*.

  thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]