qemu: conf: simplify seccomp_sandbox comment

It contains too many negations and conditions that are
no longer relevant now that we only support QEMU >= 2.11.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8722dc169c77c6016d9eb6bd8a2c2e55d265f755..71fd125699c702171f17b91d4496adb041c6fdef 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -769,13 +769,12 @@
 
 
 
-# Use seccomp syscall sandbox in QEMU.
-# 1 == seccomp enabled, 0 == seccomp disabled
+# Use seccomp syscall filtering sandbox in QEMU.
+# 1 == filter enabled, 0 == filter disabled
 #
-# If it is unset (or -1), then seccomp will be enabled
-# only if QEMU >= 2.11.0 is detected, otherwise it is
-# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# Unless this option is disabled, QEMU will be run with
+# a seccomp filter that stops it from executing certain
+# syscalls.
 #
 #seccomp_sandbox = 1