On Tue, May 29, 2018 at 03:31:40PM +0800, Yi Min Zhao wrote:
If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains compiled. This would make libvirt set the corresponding capability and then trigger failure during guest startup. This patch moves the code regarding seccomp command line options to qemu-seccomp.c file and wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP. Because parse_sandbox() is moved into qemu-seccomp.c file, change seccomp_start() to static function.Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com> --- 1. Problem Description ====================== If QEMU is built without seccomp support, 'elevateprivileges' remains compiled. This option of sandbox is treated as an indication for seccomp blacklist support in libvirt. This behavior is introduced by the libvirt commits 31ca6a5 and 3527f9d. It would make libvirt build wrong QEMU cmdline, and then the guest startup would fail. 2. Libvirt Log ============== qemu-system-s390x: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\ resourcecontrol=deny: seccomp support is disabled 3. Fixup ======== Move the code related ot sandbox to qemu-seccomp.c file and wrap them with CONFIG_SECCOMP. So compile the code related to sandbox only when CONFIG_SECCOMP is defined. --- include/sysemu/seccomp.h | 3 +- qemu-seccomp.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++- vl.c | 118 +-------------------------------------------- 3 files changed, 124 insertions(+), 118 deletions(-)
Reviewed-by: Ján Tomko <jto...@redhat.com> Tested-by: Ján Tomko <jto...@redhat.com> Jano
signature.asc
Description: Digital signature
