From b87222a90919040c12fb6d7c8dcc20f944a66495 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Fri, 18 May 2018 14:57:51 +0200
Subject: [PATCH] qemu: only pass -sandbox off if supported
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This way we don't rely on QEMU supplying the -sandbox option
without CONFIG_SECCOMP.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
---
 src/qemu/qemu_command.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 56cf16dcd1..e1f430aafe 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9853,7 +9853,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
                                    virQEMUCapsPtr qemuCaps ATTRIBUTE_UNUSED)
 {
     if (cfg->seccompSandbox == 0) {
-        virCommandAddArgList(cmd, "-sandbox", "off", NULL);
+        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX))
+            virCommandAddArgList(cmd, "-sandbox", "off", NULL);
         return 0;
     }
 
-- 
GitLab