From: Eduardo Otubo Date: Mon, 9 Dec 2013 15:20:52 -0200 Message-Id: <1386609652-7876-1-git-send-email-otubo@linux.vnet.ibm.com> Subject: [Qemu-devel] [PATCH] seccomp: "-sandbox on" won't kill Qemu when option not built in List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: pmoore@redhat.com, lmr@redhat.com, anthony@codemonkey.ws, Eduardo Otubo This option was requested by virt-test team so they can run tests with Qemu and "-sandbox on" set without breaking whole test if host doesn't have support for seccomp in kernel. It covers two possibilities: 1) Host kernel support does not support seccomp, but user installed Qemu package with sandbox support: Libseccomp will fail -> qemu will fail nicely and won't stop execution. 2) Host kernel has support but Qemu package wasn't built with sandbox feature. Qemu will fail nicely and won't stop execution. Signed-off-by: Eduardo Otubo --- vl.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/vl.c b/vl.c index b0399de..a0806dc 100644 --- a/vl.c +++ b/vl.c @@ -967,13 +967,11 @@ static int parse_sandbox(QemuOpts *opts, void *opaque) #ifdef CONFIG_SECCOMP if (seccomp_start() < 0) { qerror_report(ERROR_CLASS_GENERIC_ERROR, - "failed to install seccomp syscall filter in the kernel"); - return -1; + "failed to install seccomp syscall filter in the kernel, disabling it"); } #else qerror_report(ERROR_CLASS_GENERIC_ERROR, - "sandboxing request but seccomp is not compiled into this build"); - return -1; + "sandboxing request but seccomp is not compiled into this build, disabling it"); #endif } @@ -3808,9 +3806,7 @@ int main(int argc, char **argv, char **envp) exit(1); } - if (qemu_opts_foreach(qemu_find_opts("sandbox"), parse_sandbox, NULL, 0)) { - exit(1); - } + qemu_opts_foreach(qemu_find_opts("sandbox"), parse_sandbox, NULL, 0); #ifndef _WIN32 if (qemu_opts_foreach(qemu_find_opts("add-fd"), parse_add_fd, NULL, 1)) { -- 1.8.3.1
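Review bot: In the parse_sandbox() hunk of vl.c, removing both `return -1;` lines makes "-sandbox on" fail open: when seccomp_start() fails, or when CONFIG_SECCOMP is not defined, QEMU now keeps running with no syscall filter even though the user explicitly asked for one. The only signal is a qerror_report() message ending in "disabling it", which is easy to miss in a management layer's logs. Since the motivation in the commit message is the virt-test use case, consider keeping the fatal behaviour as the default for "-sandbox on" and making the tolerant behaviour something the caller opts into, so that existing users who rely on the sandbox being enforced do not silently lose it. If the non-fatal path stays, the commit message should state the security trade-off, and the message is still reported with ERROR_CLASS_GENERIC_ERROR although it no longer stops anything, so a warning-level report would describe it more accurately.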
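Review bot: In the main() hunk of vl.c, the return value of `qemu_opts_foreach(qemu_find_opts("sandbox"), parse_sandbox, NULL, 0);` is now discarded entirely, so any non-zero return from parse_sandbox(), whether from a path not shown in this patch or from one added later, would be ignored without `exit(1)`. It would be safer to keep the `if (...) { exit(1); }` check here and have parse_sandbox() return 0 only in the two cases this patch intends to make non-fatal. That keeps the decision about which failures are tolerable in one place and leaves the caller's error handling consistent with the neighbouring "add-fd" call, which still checks its result.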