search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 5a5c383) | patch
sandbox: disable -sandbox if CONFIG_SECCOMP undefined
commit0dd693ef1f15b6e9c4ba8b0118663e10338077cf
authorYi Min Zhao <zyimin@linux.ibm.com>
Thu, 31 May 2018 03:29:37 +0000 (31 11:29 +0800)
committerPaolo Bonzini <pbonzini@redhat.com>
Thu, 31 May 2018 17:12:13 +0000 (31 19:12 +0200)
tree1d03766cddf38d59d808e9a70b22359749633cd9tree | snapshot (tar.gz zip)
parent5a5c383b1373aeb6c87a0d6060f6c3dc7c53082bcommit | diff
sandbox: disable -sandbox if CONFIG_SECCOMP undefined

If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains
compiled. This would make libvirt set the corresponding capability and
then trigger failure during guest startup. This patch moves the code
regarding seccomp command line options to qemu-seccomp.c file and
wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP.
Because parse_sandbox() is moved into qemu-seccomp.c file, change
seccomp_start() to static function.

Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Tested-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
Message-Id: <20180531032937.1925-1-zyimin@linux.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
include/sysemu/seccomp.h diff | blob | blame | history
qemu-seccomp.c diff | blob | blame | history
vl.c diff | blob | blame | history
AR7 emulation for QEMU