From: Anthony Liguori
To: "Daniel P. Berrange", Ján Tomko
Cc: Luiz Capitulino, qemu-devel@nongnu.org, otubo@linux.vnet.ibm.com
Date: Tue, 04 Dec 2012 13:13:46 -0600
Subject: Re: [Qemu-devel] detecting seccomp sandbox capability via QMP
Message-ID: <87liddsk9h.fsf@codemonkey.ws>
In-Reply-To: <20121204152356.GL8233@redhat.com>

"Daniel P. Berrange" writes:

> On Tue, Dec 04, 2012 at 03:42:32PM +0100, Ján Tomko wrote:
>> On 12/04/12 12:46, Luiz Capitulino wrote:
>> > On Mon, 03 Dec 2012 16:55:35 +0100
>> > Ján Tomko wrote:
>> >
>> >> Hello,
>> >>
>> >> is there a way to check if QEMU was compiled with --enable-seccomp via QMP?
>> >
>> > Not that I'm aware of. Could you describe your use-case?
>>
>> It's for libvirt. The detection is broken since the switch from parsing
>> -help output to QMP and I wanted to fix it.
>>
>> Assuming it's supported if we do capabilities detection via QMP (since
>> libvirt 1.0.0 and QEMU 1.2) would work except for this case:
>> If seccomp sandbox was requested in /etc/libvirt/qemu.conf, but it was
>> compiled out from qemu, libvirt would try to run QEMU with -sandbox on
>> instead of printing an error earlier.
>
> In the absence of any way to detect it via QMP, libvirt should fallback
> to hardcoding it based on the version number. This presumes that QEMU was
> built with it enabled in configure, but we've no other option for current
> released 1.2/1.3 versions.

    echo quit | qemu -machine none -S -monitor stdio -vnc none -sandbox on

A non-zero execute means QEMU doesn't support the option.

This will work for any new command line option introduction and can be
considered a "supported" way of probing for whether options are supported.

Regards,

Anthony Liguori

>
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
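
Added example, not part of the original message and not QEMU or libvirt code: the probe from the reply above wrapped in a shell function, with a caller that covers the case raised earlier in the thread by refusing to continue when the sandbox was requested but the binary rejects `-sandbox on`. The function names and the `on` setting argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not QEMU or libvirt code). Function names are hypothetical.

# probe_qemu_option BINARY OPTION [ARG...]
# Returns 0 if QEMU started with the option and quit cleanly,
#         1 if QEMU exited non-zero (option not supported),
#         2 if BINARY cannot be executed, so the probe says nothing.
probe_qemu_option() {
    bin=$1
    shift
    [ -x "$bin" ] || return 2
    # Invocation from the thread: no machine, CPUs stopped, monitor on stdio,
    # no display. "quit" on stdin makes a working QEMU exit immediately.
    if echo quit | "$bin" -machine none -S -monitor stdio -vnc none "$@" \
            >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# sandbox_args BINARY REQUESTED
# REQUESTED stands in for the administrator's setting: "on" or anything else.
# Prints the extra guest arguments on stdout. Fails closed (non-zero, nothing
# on stdout) when the sandbox was requested but cannot be provided, so the
# caller reports the error before any guest is launched.
sandbox_args() {
    qemu=$1
    requested=$2
    [ "$requested" = on ] || return 0
    probe_rc=0
    probe_qemu_option "$qemu" -sandbox on || probe_rc=$?
    case $probe_rc in
        0) echo "-sandbox on" ;;
        1) echo "error: $qemu rejects -sandbox on, but the sandbox was requested" >&2
           return 1 ;;
        *) echo "error: cannot execute $qemu to probe for -sandbox" >&2
           return 2 ;;
    esac
}
```

Keeping "cannot execute the binary" (2) separate from "option rejected" (1) stops a missing or mis-permissioned binary from being recorded as a build without seccomp support.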