On 05/06/2018 10:32 PM, Yi Min Zhao wrote:
In the subject line: s/avoid to compile/avoid compiling/
If CONFIG_SECCOMP is undefined, the option 'elevatorprivileges' remains
s/elevator/elevate/
complied. This would make libvirt set the corresponding capability and
s/complied/compiled/
then trigger the guest startup fails. So let's wrap the options with
CONFIG_SECCOMP.
Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com>
---
vl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/vl.c b/vl.c
index fce1fd12d8..cb07b19c02 100644
--- a/vl.c
+++ b/vl.c
@@ -268,6 +268,7 @@ static QemuOptsList qemu_sandbox_opts = {
.name = "enable",
.type = QEMU_OPT_BOOL,
},
+#ifdef CONFIG_SECCOMP
{
.name = "obsolete",
.type = QEMU_OPT_STRING,
@@ -284,6 +285,7 @@ static QemuOptsList qemu_sandbox_opts = {
.name = "resourcecontrol",
.type = QEMU_OPT_STRING,
},
+#endif
The commit message mentions only 'elevateprivileges' (once the typo is
fixed), but you are also crippling 'obsolete', 'spawn', and
'resourcecontrol'. Perhaps the commit message should call that out
better? Or, since libvirt is looking at just 'elevateprivileges', per
this line in libvirt's qemu_capabilities.c:
src/qemu/qemu_capabilities.c: { "sandbox", "elevateprivileges",
QEMU_CAPS_SECCOMP_BLACKLIST },
is it sufficient to just mask out that one option?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
