From: Eduardo Otubo <otubo@redhat.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, marcandre.lureau@redhat.com
Subject: [Qemu-devel] [PULL 1/1] seccomp: check TSYNC host capability
Date: Fri, 14 Sep 2018 15:06:44 +0200 [thread overview]
Message-ID: <20180914130644.15292-2-otubo@redhat.com> (raw)
In-Reply-To: <20180914130644.15292-1-otubo@redhat.com>
From: Marc-André Lureau <marcandre.lureau@redhat.com>
Remove -sandbox option if the host is not capable of TSYNC, since the
sandbox will fail at setup time otherwise. This will help libvirt, for
ex, to figure out if -sandbox will work.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
---
qemu-seccomp.c | 19 ++++++++++++++++++-
vl.c | 4 ++--
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 4729eb107f..1baa5c69ed 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -282,7 +282,24 @@ static QemuOptsList qemu_sandbox_opts = {
static void seccomp_register(void)
{
- qemu_add_opts(&qemu_sandbox_opts);
+ bool add = false;
+
+ /* FIXME: use seccomp_api_get() >= 2 check when released */
+
+#if defined(SECCOMP_FILTER_FLAG_TSYNC)
+ int check;
+
+ /* check host TSYNC capability, it returns errno == ENOSYS if unavailable */
+ check = qemu_seccomp(SECCOMP_SET_MODE_FILTER,
+ SECCOMP_FILTER_FLAG_TSYNC, NULL);
+ if (check < 0 && errno == EFAULT) {
+ add = true;
+ }
+#endif
+
+ if (add) {
+ qemu_add_opts(&qemu_sandbox_opts);
+ }
}
opts_init(seccomp_register);
#endif
diff --git a/vl.c b/vl.c
index 5ba06adf78..380ae7ba2b 100644
--- a/vl.c
+++ b/vl.c
@@ -4007,8 +4007,8 @@ int main(int argc, char **argv, char **envp)
}
#ifdef CONFIG_SECCOMP
- if (qemu_opts_foreach(qemu_find_opts("sandbox"),
- parse_sandbox, NULL, NULL)) {
+ olist = qemu_find_opts_err("sandbox", NULL);
+ if (olist && qemu_opts_foreach(olist, parse_sandbox, NULL, NULL)) {
exit(1);
}
#endif
--
2.17.1
prev parent reply other threads:[~2018-09-14 13:07 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-14 13:06 [Qemu-devel] [PULL 0/1] seccomp branch queue Eduardo Otubo
2018-09-14 13:06 ` Eduardo Otubo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180914130644.15292-2-otubo@redhat.com \
--to=otubo@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).