If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains compiled in. This would make libvirt set the corresponding capability, which then causes guest startup to fail. So this patch excludes the seccomp-related code if CONFIG_SECCOMP is undefined.
Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com>
---
vl.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/vl.c b/vl.c
index 806eec2ef6..b22d158f5f 100644
--- a/vl.c
+++ b/vl.c
@@ -257,6 +257,7 @@ static QemuOptsList qemu_rtc_opts = {
 },
 };
+#ifdef CONFIG_SECCOMP
 static QemuOptsList qemu_sandbox_opts = {
 .name = "sandbox",
 .implied_opt_name = "enable",
@@ -285,6 +286,7 @@ static QemuOptsList qemu_sandbox_opts = {
 { /* end of list */ }
 },
 };
+#endif
 static QemuOptsList qemu_option_rom_opts = {
 .name = "option-rom",
@@ -1041,10 +1043,10 @@ static int bt_parse(const char *opt)
 return 1;
 }
+#ifdef CONFIG_SECCOMP
 static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
 {
 if (qemu_opt_get_bool(opts, "enable", false)) {
-#ifdef CONFIG_SECCOMP
 uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT | QEMU_SECCOMP_SET_OBSOLETE;
 const char *value = NULL;
@@ -1114,14 +1116,11 @@ static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
 "in the kernel");
 return -1;
 }
-#else
- error_report("seccomp support is disabled");
- return -1;
-#endif
 }
 return 0;
 }
+#endif
 static int parse_name(void *opaque, QemuOpts *opts, Error **errp)
 {
@@ -3074,7 +3073,9 @@ int main(int argc, char **argv, char **envp)
 qemu_add_opts(&qemu_mem_opts);
 qemu_add_opts(&qemu_smp_opts);
 qemu_add_opts(&qemu_boot_opts);
+#ifdef CONFIG_SECCOMP
 qemu_add_opts(&qemu_sandbox_opts);
+#endif
 qemu_add_opts(&qemu_add_fd_opts);
 qemu_add_opts(&qemu_object_opts);
 qemu_add_opts(&qemu_tpmdev_opts);
@@ -4071,10 +4072,12 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
+#ifdef CONFIG_SECCOMP
 if (qemu_opts_foreach(qemu_find_opts("sandbox"), parse_sandbox, NULL, NULL)) {
 exit(1);
 }
+#endif
 if (qemu_opts_foreach(qemu_find_opts("name"), parse_name, NULL, NULL)) {
-- Yi Min
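Review bot: The new `#ifdef CONFIG_SECCOMP` around `qemu_sandbox_opts` (first hunk) carries no comment explaining why the whole option list is compiled out rather than only its handler. Going by the commit message, the reason is that management software such as libvirt derives a capability from the advertised sub-options, so I would add `/* Only defined when seccomp is built in, so option probing never advertises sandbox controls this binary cannot enforce. */` above the guard. The closing `#endif` in the second hunk and the one added after parse_sandbox sit far from their openers; `#endif /* CONFIG_SECCOMP */` would make the pairing readable.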
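Review bot: Removing the `#else` branch in parse_sandbox (the -1114 hunk) drops the only visible place where a build without CONFIG_SECCOMP refused `-sandbox on` with "seccomp support is disabled", and no hunk adds a replacement. The code that handles the `-sandbox` argument on the command line is outside this diff; if it still looks up the "sandbox" option group, that lookup can no longer succeed because the `qemu_add_opts(&qemu_sandbox_opts)` call in main() (the -3074 hunk) is compiled out too, so whether the request ends in a clean error, a NULL dereference or is silently dropped cannot be told from here. A request for sandboxing must end in a hard error when the binary cannot honour it, so I would guard that handler as well and give it an `#else` arm along the lines of `error_report("-sandbox support is not enabled in this QEMU binary"); exit(1);`. parse_sandbox's body continues between the two hunks that touch it, and main() extends beyond both of its hunks.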