[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all t
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all threads |
|
Date: |
Wed, 22 Aug 2018 17:46:33 +0100 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Wed, Aug 22, 2018 at 06:39:52PM +0200, Marc-André Lureau wrote:
> Hi
>
> On Wed, Aug 22, 2018 at 6:37 PM Marc-André Lureau
> <address@hidden> wrote:
> >
> > Hi
> >
> > On Wed, Aug 22, 2018 at 6:08 PM Daniel P. Berrangé <address@hidden> wrote:
> > > We would have to make libvirt probe for tsync support too, because it
> > > now unconditionally uses -sandbox for new enough QEMU.
> >
> > sigh :( that's where the -sandbox tsync option could have been helpful
> > keeping the compatibility.
>
> So what can libvirt do if tsync is not available?
It depends how libvirt is configured. If /etc/libvirt/qemu.conf has
seccomp=1, then we'd blindly start QEMU and expect QEMU to fail
because -sandbox can't be usefully enforced. If qemu.conf has "seccomp"
unset, then we'd simply not use -sandbox flag for any guests.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [Qemu-devel] [PATCH v3 0/3] seccomp fixes, Marc-André Lureau, 2018/08/22
- Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all threads, Eric Blake, 2018/08/22
- Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all threads, Marc-André Lureau, 2018/08/22
- Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all threads, Daniel P . Berrangé, 2018/08/22
- Re: [Qemu-devel] [PATCH v3 3/3] seccomp: set the seccomp filter to all threads, Daniel P . Berrangé, 2018/08/22
Re: [Qemu-devel] [PATCH v3 0/3] seccomp fixes, Eduardo Otubo, 2018/08/22