From: Anthony Liguori
Date: Thu, 06 Dec 2012 08:00:56 -0600
Message-ID: <87y5hbmg9z.fsf@codemonkey.ws>
In-Reply-To: <20121206091101.GC29942@redhat.com>
Subject: Re: [Qemu-devel] detecting seccomp sandbox capability via QMP
To: "Daniel P. Berrange"
Cc: Luiz Capitulino, Ján Tomko, qemu-devel@nongnu.org, otubo@linux.vnet.ibm.com

"Daniel P. Berrange" writes:

> On Tue, Dec 04, 2012 at 03:44:54PM -0600, Anthony Liguori wrote:
>> "Daniel P. Berrange" writes:
>>
>> > On Tue, Dec 04, 2012 at 01:13:46PM -0600, Anthony Liguori wrote:
>> >> "Daniel P. Berrange" writes:
>> >>
>> >> >
>> >> > In the absence of any way to detect it via QMP, libvirt should fall back
>> >> > to hardcoding it based on the version number. This presumes that QEMU was
>> >> > built with it enabled in configure, but we've no other option for current
>> >> > released 1.2/1.3 versions.
>> >>
>> >> echo quit | qemu -machine none -S -monitor stdio -vnc none -sandbox on
>> >>
>> >> A non-zero execute means QEMU doesn't support the option.  This will
>> >> work for any new command line option introduction and can be considered
>> >> a "supported" way of probing for whether options are supported.
>> >
>> > One of the significant benefits to libvirt of the QMP based feature
>> > detection, was that we no longer have to invoke QEMU multiple times
>> > to query different data. I don't want to regress in this regard,
>> > because invoking QEMU many times has a noticeable performance impact
>> > for some applications eg virt-sandbox where even 100ms delays are
>> > relevant. So while what you describe does work, I don't think it
>> > is a satisfactory approach for libvirt.
>>
>> Okay, so in terms of what exists today, I don't have a better option.
>> But we could add:
>>
>> { 'enum': 'ConfigEntryType',
>>   'data': [ 'number', 'string', 'bool', 'size' ] }
>>
>> { 'type': 'ConfigEntry',
>>   'data': { 'name': 'str', 'type': 'ConfigEntryType' } }
>>
>> { 'type': 'ConfigSection',
>>   'data': { 'name': 'str', 'fields': [ 'ConfigEntry' ] } }
>>
>> { 'command': 'query-config-schema',
>>   'returns': [ 'ConfigSection' ] }
>>
>> This technically introspects config sections but obviously could be used
>> to detect the availability of -sandbox.
>>
>> If it's useful, I can take a quick swing at implementing (or someone
>> else certainly could).
>
> I'm not sure I entirely understand what information a 'ConfigSection'
> would represent. By config here, do you mean any command line argument
> or something else ?

We no longer should be adding command line arguments that don't use
QemuOpts and have an equivalent -readconfig syntax.  We could even
eliminate new options and do something like:

  qemu -conf sandbox:enable=on

But that's not user friendly so we'll stick with adding higher level
options like -sandbox.

So what I'm proposing is to do introspection on what -readconfig supports
and then from that, you can infer when new higher level command line
arguments are added.

> Could you give a short example of the actual JSON
> you envisage returning for this schema. Your suggestion sounds good,
> but I want to make sure I'm not mis-understanding things :-)

[ { 'name': 'sandbox',
    'fields': [ { 'name': 'enable', 'type': 'bool' } ] },
  { 'name': 'add-fd',
    'fields': [ { 'name': 'fd', 'type': 'number' },
                { 'name': 'set', 'type': 'number' },
                { 'name': 'opaque', 'type': 'str' } ] },
  ...
]

Regards,

Anthony Liguori

>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
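
Added example, not part of the original message and not QEMU or libvirt code: a management-side check that decides whether -sandbox can be used from a single reply to the query-config-schema command proposed above, falling back to the version guess from the quoted text when the command is missing. The reply envelopes, the function names and the (1, 2) version floor are assumptions made for illustration.

```python
import json

# Constructed sample replies. "query-config-schema" is the command proposed in
# this thread; the reply shape follows the JSON sketched in the message.
SCHEMA_REPLY = json.dumps({"return": [
    {"name": "sandbox", "fields": [{"name": "enable", "type": "bool"}]},
    {"name": "add-fd", "fields": [
        {"name": "fd", "type": "number"},
        {"name": "set", "type": "number"},
        {"name": "opaque", "type": "str"}]},
]})
OLD_QEMU_REPLY = json.dumps({"error": {
    "class": "CommandNotFound",
    "desc": "The command query-config-schema has not been found"}})


def index_schema(reply_text):
    """Return {section: {field: type}}, or None if the command is unavailable."""
    reply = json.loads(reply_text)
    if "error" in reply:
        if reply["error"].get("class") == "CommandNotFound":
            return None
        raise RuntimeError(reply["error"].get("desc", "QMP error"))
    index = {}
    for section in reply["return"]:
        index[section["name"]] = {f["name"]: f["type"] for f in section["fields"]}
    return index


def sandbox_supported(reply_text, qemu_version):
    """Decide whether -sandbox may be passed, and report how that was decided."""
    index = index_schema(reply_text)
    if index is not None:
        # Introspection answers for this binary, including its configure flags.
        ok = index.get("sandbox", {}).get("enable") == "bool"
        return ok, "schema"
    # Fallback from the thread: hardcode by version, which presumes seccomp
    # was enabled at build time. The (1, 2) floor is an assumption taken from
    # the "1.2/1.3" remark in the quoted text.
    return qemu_version >= (1, 2), "version-guess"


if __name__ == "__main__":
    print(sandbox_supported(SCHEMA_REPLY, (1, 4)))
    print(sandbox_supported(OLD_QEMU_REPLY, (1, 3)))
    print(sandbox_supported(OLD_QEMU_REPLY, (1, 1)))
```

A caller should treat a "version-guess" result as unverified: a binary built without seccomp reports the same version, so only the "schema" result reflects what that binary accepts.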