在 2018/5/29 下午4:40, Ján Tomko 写道:
On Tue, May 29, 2018 at 03:31:40PM +0800, Yi Min Zhao wrote:
If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains
compiled. This would make libvirt set the corresponding capability and
then trigger failure during guest startup. This patch moves the code
regarding seccomp command line options to qemu-seccomp.c file and
wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP.
Because parse_sandbox() is moved into qemu-seccomp.c file, change
seccomp_start() to static function.
Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com>
---
1. Problem Description
======================
If QEMU is built without seccomp support, 'elevateprivileges' remains
compiled.
This option of sandbox is treated as an indication for seccomp
blacklist support
in libvirt. This behavior is introduced by the libvirt commits
31ca6a5 and
3527f9d. It would make libvirt build wrong QEMU cmdline, and then the
guest
startup would fail.
2. Libvirt Log
==============
qemu-system-s390x: -sandbox
on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny: seccomp support is disabled
3. Fixup
========
Move the code related ot sandbox to qemu-seccomp.c file and wrap them
with
CONFIG_SECCOMP. So compile the code related to sandbox only when
CONFIG_SECCOMP is defined.
---
include/sysemu/seccomp.h | 3 +-
qemu-seccomp.c | 121
++++++++++++++++++++++++++++++++++++++++++++++-
vl.c | 118
+--------------------------------------------
3 files changed, 124 insertions(+), 118 deletions(-)
Reviewed-by: Ján Tomko <jto...@redhat.com>
Tested-by: Ján Tomko <jto...@redhat.com>
Jano
Thanks very much!
