From: Ján Tomko <jtomko@redhat.com>
Date: Fri, 24 Sep 2021 14:15:30 +0000 (+0200)
Subject: qemu: conf: simplify seccomp_sandbox comment
X-Git-Tag: v7.8.0-rc1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1be5aa6a4c261627c006821712f478c973bd933;p=thirdparty%2Flibvirt.git

qemu: conf: simplify seccomp_sandbox comment

It contains too many negations and conditions that are
no longer relevant now that we only support QEMU >= 2.11.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8722dc169c..71fd125699 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -769,13 +769,12 @@
 
 
 
-# Use seccomp syscall sandbox in QEMU.
-# 1 == seccomp enabled, 0 == seccomp disabled
+# Use seccomp syscall filtering sandbox in QEMU.
+# 1 == filter enabled, 0 == filter disabled
 #
-# If it is unset (or -1), then seccomp will be enabled
-# only if QEMU >= 2.11.0 is detected, otherwise it is
-# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# Unless this option is disabled, QEMU will be run with
+# a seccomp filter that stops it from executing certain
+# syscalls.
 #
 #seccomp_sandbox = 1