From: "Ján Tomko" <jtomko@redhat.com>
To: Yi Min Zhao <zyimin@linux.ibm.com>
Cc: qemu-devel@nongnu.org, otubo@redhat.com, fiuczy@linux.ibm.com,
borntraeger@de.ibm.com, jferlan@redhat.com, pbonzini@redhat.com
Subject: Re: [Qemu-devel] [PATCH v3] sandbox: disable -sandbox if CONFIG_SECCOMP undefined
Date: Tue, 29 May 2018 10:40:21 +0200 [thread overview]
Message-ID: <20180529084021.GC31560@dnr> (raw)
In-Reply-To: <20180529073140.7392-1-zyimin@linux.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 1706 bytes --]
On Tue, May 29, 2018 at 03:31:40PM +0800, Yi Min Zhao wrote:
>If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains
>compiled. This would make libvirt set the corresponding capability and
>then trigger failure during guest startup. This patch moves the code
>regarding seccomp command line options to qemu-seccomp.c file and
>wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP.
>Because parse_sandbox() is moved into qemu-seccomp.c file, change
>seccomp_start() to static function.
>
>Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
>---
>1. Problem Description
>======================
>If QEMU is built without seccomp support, 'elevateprivileges' remains compiled.
>This option of sandbox is treated as an indication for seccomp blacklist support
>in libvirt. This behavior is introduced by the libvirt commits 31ca6a5 and
>3527f9d. It would make libvirt build wrong QEMU cmdline, and then the guest
>startup would fail.
>
>2. Libvirt Log
>==============
>qemu-system-s390x: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
>resourcecontrol=deny: seccomp support is disabled
>
>3. Fixup
>========
>Move the code related ot sandbox to qemu-seccomp.c file and wrap them with
>CONFIG_SECCOMP. So compile the code related to sandbox only when
>CONFIG_SECCOMP is defined.
>---
> include/sysemu/seccomp.h | 3 +-
> qemu-seccomp.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++-
> vl.c | 118 +--------------------------------------------
> 3 files changed, 124 insertions(+), 118 deletions(-)
>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Tested-by: Ján Tomko <jtomko@redhat.com>
Jano
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-05-29 8:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-29 7:31 [Qemu-devel] [PATCH v3] sandbox: disable -sandbox if CONFIG_SECCOMP undefined Yi Min Zhao
2018-05-29 8:40 ` Ján Tomko [this message]
2018-05-29 9:01 ` Yi Min Zhao
2018-05-29 9:37 ` Paolo Bonzini
2018-05-29 9:45 ` Yi Min Zhao
2018-05-29 10:05 ` Yi Min Zhao
2018-05-30 10:54 ` Eduardo Otubo
2018-05-31 3:20 ` Yi Min Zhao
2018-05-31 3:24 ` Yi Min Zhao
2018-05-29 9:39 ` Eduardo Otubo
2018-05-29 9:53 ` Yi Min Zhao
2018-05-29 10:14 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180529084021.GC31560@dnr \
--to=jtomko@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=fiuczy@linux.ibm.com \
--cc=jferlan@redhat.com \
--cc=otubo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zyimin@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).