Command line support for seccomp with -sandbox (v8)

Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> --- v7 -> v8 - Parse options correctly (aliguori)
2025-08-03 07:43:54 -06:00 · 2012-08-14 18:44:08 -03:00 · 2012-08-14 18:44:08 -03:00 · 7d76ad4fa4
commit 7d76ad4fa4
parent 452dfbef60
4 changed files with 55 additions and 8 deletions
--- a/qemu-options.hx
+++ b/qemu-options.hx
@ -2723,6 +2723,16 @@ STEXI
 Old param mode (ARM only).
 ETEXI

+DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \
+    "-sandbox <arg>  Enable seccomp mode 2 system call filter (default 'off').\n",
+    QEMU_ARCH_ALL)
+STEXI
+@item -sandbox
+@findex -sandbox
+Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will
+disable it.  The default is 'off'.
+ETEXI
+
 DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig,
    "-readconfig <file>\n", QEMU_ARCH_ALL)
 STEXI