On Tue, Dec 11, 2018 at 02:09:11PM +0300, Ilya Maximets wrote: > On 11.12.2018 13:53, Daniel P. Berrangé wrote: > >> > >> Let's restrict memfd backend to systems with sealing support. > > > > I don't think we need todo that - sealing is optional in the QEMU code, > > we simply have it set to the wrong default when sealing is not available. > > That was literally what I've fixed in v1: > https://lists.nongnu.org/archive/html/qemu-devel/2018-11/msg05483.html > > but 2 people suggested me to disable memfd entirely for this case. > Do you think I need to get patch from v1 back ? > > Gerd, Marc-André, what do you think?
I still think it makes sense to require sealing support. Sealing is very useful, and there are only a few kernel versions with memfd but without sealing. So finding such kernels in the wild will become more rare over time. I wouldn't worry too much about them. cheers, Gerd