From d1be5aa6a4c261627c006821712f478c973bd933 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 24 Sep 2021 16:15:30 +0200
Subject: [PATCH] qemu: conf: simplify seccomp_sandbox comment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It contains too many negations and conditions that are
no longer relevant now that we only support QEMU >= 2.11.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu.conf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8722dc169c..71fd125699 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -769,13 +769,12 @@
 
 
 
-# Use seccomp syscall sandbox in QEMU.
-# 1 == seccomp enabled, 0 == seccomp disabled
+# Use seccomp syscall filtering sandbox in QEMU.
+# 1 == filter enabled, 0 == filter disabled
 #
-# If it is unset (or -1), then seccomp will be enabled
-# only if QEMU >= 2.11.0 is detected, otherwise it is
-# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# Unless this option is disabled, QEMU will be run with
+# a seccomp filter that stops it from executing certain
+# syscalls.
 #
 #seccomp_sandbox = 1