[Slackbuilds-users] qemu-2.12 README update: optional libseccomp

Matteo Bernardini matteo.bernardini at gmail.com
Sun Jun 10 19:54:36 UTC 2018


2018-06-10 19:36 GMT+02:00 Andrzej Telszewski <atelszewski at gmail.com>:
> On 10/06/18 19:30, B Watson wrote:
>>
>> On 6/10/18, Andrzej Telszewski<atelszewski at gmail.com>  wrote:
>>
>>> 2018-06-10T11:27:22.810078Z qemu-kvm: -sandbox
>>> on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
>>> seccomp support is disabled
>>
>> libvirt probably defaults to seccomp being enabled, so it adds that
>> "-sandbox" argument to the qemu-kvm command it runs. There should be
>> a way to disable it in the UI somewhere (no, I don't know for sure,
>> I don't actually use libvirt).
>>
>> This probably counts as a bug to be reported to libvirt upstream.
>
>
> You're most probably correct.
> But the fastest solution for me was to compile QEMU against libseccomp...

googling around a little for "libvirt qemu seccomp", IMHO, I would
just modify the sed to qemu.conf in libvirt.SlackBuild like this

sed -i \
  -e "s|^\#group\ =\ \"root\"|group = \"$VIRTGROUP\"|" \
  -e "s|^\#seccomp_sandbox.*|seccomp_sandbox = 0|" \
  $PKG/etc/libvirt/qemu.conf

Matteo


More information about the SlackBuilds-users mailing list