From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:56659)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1TfxwL-0008NQ-Ql
	for qemu-devel@nongnu.org; Tue, 04 Dec 2012 14:14:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1TfxwG-0001Bm-M3
	for qemu-devel@nongnu.org; Tue, 04 Dec 2012 14:13:57 -0500
Received: from mail-ie0-f178.google.com ([209.85.223.178]:48342)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <anthony@codemonkey.ws>) id 1TfxwG-0001Bb-H2
	for qemu-devel@nongnu.org; Tue, 04 Dec 2012 14:13:52 -0500
Received: by mail-ie0-f178.google.com with SMTP id c12so7942538ieb.23
	for <qemu-devel@nongnu.org>; Tue, 04 Dec 2012 11:13:50 -0800 (PST)
From: Anthony Liguori <anthony@codemonkey.ws>
In-Reply-To: <20121204152356.GL8233@redhat.com>
References: <50BCCB77.1080404@redhat.com>
	<20121204094628.1518b973@doriath.home>
	<50BE0BD8.2010501@redhat.com> <20121204152356.GL8233@redhat.com>
Date: Tue, 04 Dec 2012 13:13:46 -0600
Message-ID: <87liddsk9h.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] detecting seccomp sandbox capability via QMP
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>, =?utf-8?Q?J=C3=A1n?= Tomko <jtomko@redhat.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>, qemu-devel@nongnu.org, otubo@linux.vnet.ibm.com

"Daniel P. Berrange" <berrange@redhat.com> writes:

> On Tue, Dec 04, 2012 at 03:42:32PM +0100, J=C3=A1n Tomko wrote:
>> On 12/04/12 12:46, Luiz Capitulino wrote:
>> > On Mon, 03 Dec 2012 16:55:35 +0100
>> > J=C3=A1n Tomko <jtomko@redhat.com> wrote:
>> >=20
>> >> Hello,
>> >>
>> >> is there a way to check if QEMU was compiled with --enable-seccomp vi=
a QMP?
>> >=20
>> > Not that I'm aware of. Could you describe your use-case?
>>=20
>> It's for libvirt. The detection is broken since the switch from parsing
>> -help output to QMP and I wanted to fix it.
>>=20
>> Assuming it's supported if we do capabilities detection via QMP (since
>> libvirt 1.0.0 and QEMU 1.2) would work except for this case:
>> If seccomp sandbox was requested in /etc/libvirt/qemu.conf, but it was
>> compiled out from qemu, libvirt would try to run QEMU with -sandbox on
>> instead of printing an error earlier.
>
> In the absence of any way to detect it via QMP, libvirt should fallback
> to hardcoding it based on the version number. This presumes that QEMU was
> built with it enabled in configure, but we've no other option for current
> released 1.2/1.3 versions.

echo quit | qemu -machine none -S -monitor stdio -vnc none -sandbox on

A non-zero execute means QEMU doesn't support the option.  This will
work for any new command line option introduction and can be considered
a "supported" way of probing for whether options are supported.

Regards,

Anthony Liguori

>
> Daniel
> --=20
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange=
/ :|
> |: http://libvirt.org              -o-             http://virt-manager.or=
g :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr=
/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vn=
c :|