On 10/23/2012 09:59 AM, Corey Bryant wrote: > Only network devices are prevented, right? > > Also, as I mentioned before, can you limit this to the subset of options > that cause execve() to be issued? For example, can we allow libvirt to > pass an fd for hotplugging a network device (e.g. netdev_add tap,fd=23)? > I don't know for sure but I'm guessing libvirt does that.
Correct, libvirt prefers passing network devices pre-opened via fds, rather than having qemu exec scripts. >> + manual. Also note that the hot plug is disabled when -sandbox >> is in >> + effect > > Not all hotplug abilities are disabled. Just network devices. This is > missing a period too. And not all network hotplug, just hotplug that requires use of exec (again, fd passing bypasses the need for exec). -- Eric Blake ebl...@redhat.com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
