New profile: tqemu

[glitsj16]

tqemu

Description: QEMU frontend without libvirt.

https://github.com/thanoulis/tqemu

[kmk3]

Why is the profile for a qemu wrapper in some cases more restrictive than the
profile for qemu itself (qemu-system-x86_64.profile)?

Suggestions:

• Move the contents of qemu-system-x86_64.profile into qemu-common.profile
  and make the former (and qemu-launcher.profile) redirect to the latter
• Make tqemu.profile redirect to qemu-common.profile
• Harden qemu-common.profile (preferably in another PR as it may cause
  breakage for qemu itself)

[glitsj16]

Why is the profile for a qemu wrapper in some cases more restrictive than the
profile for qemu itself (qemu-system-x86_64.profile)?

AFAIK tqemu is the only such wrapper that doesn't rely on libvirt. It's more limited in its functionality, but that also makes it very straightforward to sandbox.

I'll need more time to refactor/double-check the qemu wrappers as you suggested. Thanks!

[kmk3]

Why is the profile for a qemu wrapper in some cases more restrictive than
the profile for qemu itself (qemu-system-x86_64.profile)?

AFAIK tqemu is the only such wrapper that doesn't rely on libvirt. It's more
limited in its functionality, but that also makes it very straightforward to
sandbox.

That's good to know, but qemu itself does not use libvirt (it's essentially the
other way around).

My point was that in general it doesn't make much sense for a wrapper (tqemu)
to have a more restrictive profile than the thing that it is wrapping (qemu).

I'll need more time to refactor/double-check the qemu wrappers as you
suggested. Thanks!

On second though, for simplicity, I'd just copy and paste most of
qemu-system-x86_64.profile into tqemu.profile for now (so that they are
almost equal) and leave the refactoring/hardening for another PR.

[glitsj16]

On second though, for simplicity, I'd just copy and paste most of
qemu-system-x86_64.profile into tqemu.profile for now...

Done!