From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52946)
  by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
  id 1VjsyU-0002m9-3E for qemu-devel@nongnu.org;
  Fri, 22 Nov 2013 10:49:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
  (envelope-from ) id 1VjsyL-0007t6-9c for qemu-devel@nongnu.org;
  Fri, 22 Nov 2013 10:48:54 -0500
Received: from mail-we0-x22d.google.com ([2a00:1450:400c:c03::22d]:43933)
  by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from )
  id 1VjsyL-0007se-2V for qemu-devel@nongnu.org;
  Fri, 22 Nov 2013 10:48:45 -0500
Received: by mail-we0-f173.google.com with SMTP id t61so1309431wes.18
  for ; Fri, 22 Nov 2013 07:48:43 -0800 (PST)
Date: Fri, 22 Nov 2013 16:48:41 +0100
From: Stefan Hajnoczi
Message-ID: <20131122154841.GA3232@stefanha-thinkpad.redhat.com>
References: <1382440906-3852-1-git-send-email-otubo@linux.vnet.ibm.com>
  <40741416.pCfWYrZXGU@sifl>
  <20131122103931.GB24388@stefanha-thinkpad.redhat.com>
  <3468561.4aYf2ZG3eq@sifl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3468561.4aYf2ZG3eq@sifl>
Subject: Re: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default
To: Paul Moore
Cc: Paolo Bonzini, coreyb@linux.vnet.ibm.com, qemu-devel, Anthony Liguori, Eduardo Otubo

On Fri, Nov 22, 2013 at 09:44:42AM -0500, Paul Moore wrote:
> On Friday, November 22, 2013 11:39:31 AM Stefan Hajnoczi wrote:
> > On Thu, Nov 21, 2013 at 10:48:58AM -0500, Paul Moore wrote:
> > > I'm always open to suggestions on how to improve the development/debugging
> > > process, so if you have any ideas please let me know.
> >
> > The failure mode is terrible:
>
> Glad to see you don't feel strongly about things.

Sorry for the rant :). I know you and Eduardo understand the issues and
have already been working on them.

I hope hearing it from a developer who isn't following seccomp is useful
though. It shows which issues stick out and hinder usability.

Users will only be happy with seccomp when it works silently behind the
scenes. Developers will only be happy with seccomp if it's easy and
rewarding to support/debug.

Stefan