safety

Specify how a qvm process instance responds if any component on which it depends or a vdev isn't safety-certified

Synopsis:

safety none|warn|required

Options:

Possible values are:

none: Ignore the presence of a non-safety component and just run.
warn: If any component isn't safety-certified, issue a warning, and run.
required: If a component isn't safety-certified, issue an error message and move to the DSS (see “Design Safe States” in the “QNX Hypervisor for Safety” chapter).

Description:

Default behaviors are as follows:

QNX Hypervisor for Safety (QHS) — required
QNX Hypervisor — none

Use the safety option to specify how each qvm process instance in your system responds to the presence of uncertified vdevs and components. For example, in the same hypervisor system, you might use safety required for a VM hosting a QOS guest, but safety warn for a VM hosting a Linux guest.

If you specifiy more than one instance of the safety option in the configuration for a VM, the final instance of the option is used to specify the qvm process instance's global response to the presence of uncertified components on which it relies (i.e., how it should respond to the presence of an uncertified procnto variant, or of an uncertified smmuman variant).

Each instance of the safety option in a VM configuration applies to the vdevs that follow it in the VM configuration. Thus, you can use multiple instances of this option to specify different responses for different vdevs. For example, in a QHS VM for a QOS guest, because required is the default safety setting:

safety warn
vdev foo
safety required
vdev moo

will issue a warning and permit the qvm process instance to run if the foo vdev isn't a safety variant, but will move to its DSS if any of the moo vdev, procnto, smmuman, or any other required safety component isn't a safety variant.

However, with the following configuration:

vdev foo
safety warn
vdev moo

because required is the default safety setting, the qvm process instance will move to its DSS if the foo vdev isn't a safety variant. But because warn is the setting for the last instance of the safety option in the VM configuration, the qvm process instance will only issue a warning and run if any of the moo vdev, procnto, smmuman or any other required safety component isn't a safety variant.

For more information about how the QHS behaves when it encounters components that aren't safety certified, see “QHS components” in the “QNX Hypervisor for Safety” chapter.