From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44231) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VJniM-0006U6-Bg for qemu-devel@nongnu.org; Wed, 11 Sep 2013 12:56:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VJniD-0008J2-DQ for qemu-devel@nongnu.org; Wed, 11 Sep 2013 12:56:26 -0400 Received: from e7.ny.us.ibm.com ([32.97.182.137]:60901) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VJniD-0008Iy-98 for qemu-devel@nongnu.org; Wed, 11 Sep 2013 12:56:17 -0400 Received: from /spool/local by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 11 Sep 2013 12:56:16 -0400 Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by d01dlp03.pok.ibm.com (Postfix) with ESMTP id 98628C90072 for ; Wed, 11 Sep 2013 12:56:10 -0400 (EDT) Received: from d01av05.pok.ibm.com (d01av05.pok.ibm.com [9.56.224.195]) by b01cxnp22033.gho.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r8BGu9QE44302462 for ; Wed, 11 Sep 2013 16:56:10 GMT Received: from d01av05.pok.ibm.com (loopback [127.0.0.1]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r8BGu9PY000369 for ; Wed, 11 Sep 2013 12:56:09 -0400 Message-ID: <5230A0A8.2000205@linux.vnet.ibm.com> Date: Wed, 11 Sep 2013 12:56:08 -0400 From: Corey Bryant MIME-Version: 1.0 References: <1378495308-24560-1-git-send-email-otubo@linux.vnet.ibm.com> <1378495308-24560-4-git-send-email-otubo@linux.vnet.ibm.com> In-Reply-To: <1378495308-24560-4-git-send-email-otubo@linux.vnet.ibm.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCHv3 3/3] seccomp: general fixes List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Eduardo Otubo Cc: pmoore@redhat.com, qemu-devel@nongnu.org On 09/06/2013 03:21 PM, Eduardo Otubo wrote: > 1) On qemu-seccomp.c:255, the variable ctx was being used > uninitialized; now it's initialized with NULL and it's being checked at > the end of the function. > > 2) Changed the name of the command line option from "enable" to > "sandbox" for a better understanding from user side. > > Signed-off-by: Eduardo Otubo > --- > qemu-seccomp.c | 5 +++-- > vl.c | 6 +++--- > 2 files changed, 6 insertions(+), 5 deletions(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index 5e85eb5..f39d636 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -252,7 +252,7 @@ seccomp_return: > int seccomp_start(int list_type) > { > int rc = 0; > - scmp_filter_ctx ctx; > + scmp_filter_ctx ctx = NULL; > > switch (list_type) { > case WHITELIST: > @@ -280,6 +280,7 @@ int seccomp_start(int list_type) > rc = seccomp_load(ctx); > > seccomp_return: > - seccomp_release(ctx); > + if (!ctx) You need to remove the ! from this check. > + seccomp_release(ctx); > return rc; > } > diff --git a/vl.c b/vl.c > index 909f685..129919d 100644 > --- a/vl.c > +++ b/vl.c > @@ -323,11 +323,11 @@ static QemuOptsList qemu_rtc_opts = { > > static QemuOptsList qemu_sandbox_opts = { > .name = "sandbox", > - .implied_opt_name = "enable", > + .implied_opt_name = "sandbox", So does this technically make it -sandbox,sandbox=on? If I understand correctly, I don't think the implied option is ever seen or used by the user anyway so it probably doesn't matter. But I don't know if it's worth changing. > .head = QTAILQ_HEAD_INITIALIZER(qemu_sandbox_opts.head), > .desc = { > { > - .name = "enable", > + .name = "sandbox", > .type = QEMU_OPT_BOOL, > },{ > .name = "strict", > @@ -1036,7 +1036,7 @@ static int parse_sandbox(QemuOpts *opts, void *opaque) > { > const char * strict_value = NULL; > /* FIXME: change this to true for 1.3 */ > - if (qemu_opt_get_bool(opts, "enable", false)) { > + if (qemu_opt_get_bool(opts, "sandbox", false)) { > #ifdef CONFIG_SECCOMP > if (seccomp_start(WHITELIST) < 0) { > qerror_report(ERROR_CLASS_GENERIC_ERROR, > -- 1.8.3.1 > -- Regards, Corey Bryant