OSDN Git Service

(root) / qmiga / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 14fc618) | patch
sandbox: disable -sandbox if CONFIG_SECCOMP undefined
authorYi Min Zhao <zyimin@linux.ibm.com>
Thu, 31 May 2018 03:29:37 +0000 (11:29 +0800)
committerEduardo Otubo <otubo@redhat.com>
Fri, 1 Jun 2018 11:44:15 +0000 (13:44 +0200)
commit9d0fdecbad130f01b602e35e87c6d3fad5821d6e
tree82f742cd079629bf6451341a3f377cd93be3d2f5tree | snapshot
parent14fc618461c2756a3f0b16bf6af198c5d7731137commit | diff
sandbox: disable -sandbox if CONFIG_SECCOMP undefined

If CONFIG_SECCOMP is undefined, the option 'elevatedprivileges' remains
compiled. This would make libvirt set the corresponding capability and
then trigger failure during guest startup. This patch moves the code
regarding seccomp command line options to qemu-seccomp.c file and
wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP.
Because parse_sandbox() is moved into qemu-seccomp.c file, change
seccomp_start() to static function.

Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Tested-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
include/sysemu/seccomp.h diff | blob | history
qemu-seccomp.c diff | blob | history
vl.c diff | blob | history
About OSDN
Find Software
Develop Software
Help