On 05/18/2018 02:52 AM, Ján Tomko wrote:
> This patch fixes the usage of QEMU new enough for seccomp blacklist
> (where libvirt enables the sandbox by default),
> but breaks the usage of QEMU with compiled out sandbox and
> setting
>   seccomp_sandbox = 0
> in libvirt's qemu.conf:
>
> error: internal error: process exited while connecting to monitor:
> qemu-git: -sandbox off: There is no option group 'sandbox'
>
> But now libvirt requires QEMU >= 1.5.0 which already supports
> query-command-line-options, so if you want the option gone completely
> --without-seccomp, I can add the code that probes for it and
> make seccomp_sandbox = 0 a no-op if it's compiled out.

And that's acceptable - we document that libvirt must be at least as new
as qemu. Mixing old qemu + new libvirt should always work, but mixing
new qemu + old libvirt may fail, and this is one of those cases. The
solution for anyone hitting the failure is to upgrade libvirt to match
the fact that they upgraded qemu.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
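
The probe discussed in the thread, as an added sketch that is not part of either message and is not libvirt's code: it checks a `query-command-line-options` reply for the 'sandbox' option group before emitting `-sandbox`. The function names and both QMP replies are constructed for illustration, and failing closed when the sandbox is explicitly requested but unavailable is an assumption of the sketch.

```python
import json

# Constructed QMP replies to query-command-line-options (trimmed to two groups).
REPLY_WITH_SECCOMP = json.dumps({"return": [
    {"option": "sandbox", "parameters": [{"name": "enable", "type": "boolean"}]},
    {"option": "machine", "parameters": [{"name": "accel", "type": "string"}]},
]})
REPLY_WITHOUT_SECCOMP = json.dumps({"return": [
    {"option": "machine", "parameters": [{"name": "accel", "type": "string"}]},
]})


def has_option_group(qmp_reply, group):
    """Return True if the binary advertises the given option group."""
    reply = json.loads(qmp_reply)
    if "error" in reply:
        raise RuntimeError("probe failed: %s" % reply["error"])
    return any(entry.get("option") == group for entry in reply["return"])


def sandbox_args(qmp_reply, seccomp_sandbox):
    """Map seccomp_sandbox (0 = off, 1 = on) to QEMU arguments.

    Other values are outside the scope of this sketch and are rejected.
    """
    supported = has_option_group(qmp_reply, "sandbox")
    if seccomp_sandbox == 0:
        # The no-op case from the thread: never hand "-sandbox off" to a
        # binary that has no 'sandbox' option group.
        return ["-sandbox", "off"] if supported else []
    if seccomp_sandbox == 1:
        if not supported:
            # Assumption: an explicitly requested sandbox must not be
            # dropped silently, so refuse to start the guest instead.
            raise RuntimeError("seccomp sandbox requested but compiled out")
        return ["-sandbox", "on"]
    raise ValueError("unsupported seccomp_sandbox value: %r" % seccomp_sandbox)


if __name__ == "__main__":
    print(sandbox_args(REPLY_WITHOUT_SECCOMP, 0))
    print(sandbox_args(REPLY_WITH_SECCOMP, 0))
```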