---
 src/qemu/qemu.conf | 8 ++++++++
 src/qemu/qemu_conf.c | 5 +++++
 src/qemu/qemu_conf.h | 1 +
 3 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 6cd0d80..a2a0824 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -378,3 +378,11 @@
 #
 #keepalive_interval = 5
 #keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#sandbox = 1
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e9e15c5..f4a6077 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -129,6 +129,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 driver->keepAliveInterval = 5;
 driver->keepAliveCount = 5;
+ driver->sandbox = -1;
 /* Just check the file is readable before opening it, otherwise
 * libvirt emits an error.
@@ -570,6 +571,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 CHECK_TYPE("keepalive_count", VIR_CONF_LONG);
 if (p) driver->keepAliveCount = p->l;
+ p = virConfGetValue(conf, "sandbox");
+ CHECK_TYPE("sandbox", VIR_CONF_LONG);
+ if (p) driver->sandbox = p->l;
+
 virConfFree (conf);
 return 0;
 }
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ac285f6..34b952f 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -152,6 +152,7 @@ struct qemud_driver {
 int keepAliveInterval;
 unsigned int keepAliveCount;
+ int sandbox;
 };
 typedef struct _qemuDomainCmdlineDef qemuDomainCmdlineDef;
--
1.7.8.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
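Review bot: The new `sandbox` value is stored without a range check in the second qemu_conf.c hunk: `if (p) driver->sandbox = p->l;` copies a `long` into the `int` field and accepts any number, while qemu.conf documents only -1, 0 and 1. Because this setting decides whether QEMU is started with its seccomp filter, a mistyped value such as `sandbox = 2` should fail config loading instead of being left to whatever code later reads the field (not visible here). Consider rejecting it before the assignment, e.g. `if (p && (p->l < -1 || p->l > 1)) { /* report the invalid value, free conf, return -1 */ }`. qemudLoadDriverConfig begins outside this hunk, so the error reporting and cleanup should follow what CHECK_TYPE already does on a type mismatch.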
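Review bot: The new `int sandbox;` field in struct qemud_driver holds a tri-state whose encoding is written down only in qemu.conf, so the declaration in qemu_conf.h should carry it too, e.g. `int sandbox; /* -1 = QEMU default, 0 = off, 1 = on */`. A plain truthiness test on this field would treat -1 as "on", which is the mistake the comment is meant to prevent. The struct definition begins outside this hunk.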