On 09/14/12 17:14, Corey Bryant wrote:
> On 09/12/2012 04:03 AM, Ján Tomko wrote:
>> + if (qemuCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
>> + if (driver->seccompSandbox == 0)
>> + virCommandAddArgList(cmd, "-sandbox", "off", NULL);
>> + else if (driver->seccompSandbox > 0)
>> + virCommandAddArgList(cmd, "-sandbox", "on", NULL);
>> + } else if (driver->seccompSandbox > 0) {
>
> Should this be (driver->seccompSandbox >= 0) ?
>
>> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>> + _("QEMU does not support seccomp sandboxes"));
>> + goto error;
>> + }
>> +
I don't think so. If QEMU doesn't support -sandbox, it's like it was
off, which is what the user requested by setting it to 0.
Jan
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list