Re: query-command-line-options
From: Markus Armbruster
Subject: Re: query-command-line-options
Date: Fri, 26 May 2023 14:10:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Ján Tomko <jtomko@redhat.com> writes:
> On a Friday in 2023, Markus Armbruster wrote:
>>> { "sandbox", NULL, QEMU_CAPS_SECCOMP_SANDBOX },
>>
>>Does option -sandbox exist?
>>
>>It does since v1.2. If CONFIG_SECCOMP is off, actually using it is a
>>fatal error. Compiling out the option entirely would be more useful, I
>>guess.
>>
>>Is this probe still useful?
>
> I believe so.
>
> libvirt adds '-sandbox on' to all VMs it runs, unless the option is not
> available.
>
> Some users wanted to run libvirt with QEMUs without libseccomp,
> which resulted in the following QEMU commit.
>
> commit 0dd693ef1f15b6e9c4ba8b0118663e10338077cf
> sandbox: disable -sandbox if CONFIG_SECCOMP undefined
>
> While using this option won't work if CONFIG_SECCOMP is off,
> it should not show up in q-c-l-o so libvirt won't even try to use it.

You're right: the option exists regardless of CONFIG_SECCOMP, but it
shows up in q-c-l-o only when CONFIG_SECCOMP is on.

> If I'm reading
> commit 90835c2b8127406615785a9d4348ffdf3c813c8a
> seccomp: convert to meson
> correctly, then the whole softmmu/qemu-seccomp.c file is only compiled
> if seccomp was found.
>
> Jano
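
The probe discussed in this thread, as an added example that is not part of the original messages and is not libvirt's or QEMU's code: a table-driven check over a query-command-line-options reply that emits `-sandbox on` only when the option is reported. The replies are constructed samples in the QMP `option`/`parameters` layout, and the second table row's capability name is hypothetical.

```python
import json

# Probe table shaped like the entry quoted in the thread:
# (option name, parameter name or None for "option present", capability).
PROBES = [
    ("sandbox", None, "QEMU_CAPS_SECCOMP_SANDBOX"),
    # Hypothetical capability name, used only to show a parameter-level probe.
    ("sandbox", "elevateprivileges", "EXAMPLE_CAPS_SANDBOX_ELEVATEPRIVILEGES"),
]

# Constructed QMP replies, not captured from a real QEMU.
REPLY_WITH_SECCOMP = json.dumps({"return": [
    {"option": "sandbox", "parameters": [
        {"name": "enable", "type": "boolean"},
        {"name": "elevateprivileges", "type": "string"}]},
    {"option": "name", "parameters": [{"name": "guest", "type": "string"}]},
]})
REPLY_WITHOUT_SECCOMP = json.dumps({"return": [
    {"option": "name", "parameters": [{"name": "guest", "type": "string"}]},
]})
REPLY_ERROR = json.dumps(
    {"error": {"class": "CommandNotFound", "desc": "constructed error"}})


def probe_caps(reply_text):
    """Map a query-command-line-options reply to a set of capability names."""
    reply = json.loads(reply_text)
    if "return" not in reply:
        # Probe failed: claim nothing, so no optional argument is emitted.
        return set()
    params_by_option = {}
    for entry in reply["return"]:
        names = {p["name"] for p in entry.get("parameters", [])}
        params_by_option.setdefault(entry["option"], set()).update(names)
    caps = set()
    for option, param, cap in PROBES:
        if option in params_by_option and (
                param is None or param in params_by_option[option]):
            caps.add(cap)
    return caps


def build_argv(base_argv, caps):
    """Append '-sandbox on' only when the probe reported the capability."""
    argv = list(base_argv)
    if "QEMU_CAPS_SECCOMP_SANDBOX" in caps:
        argv += ["-sandbox", "on"]
    return argv
```

A caller that requires the seccomp filter should treat a missing `QEMU_CAPS_SECCOMP_SANDBOX` as a condition to log or refuse, since the guest would otherwise start without it.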