From ede22e58ff90ffe080e31cea7dc19d41c8b85529 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?=
Date: Tue, 18 Sep 2012 15:24:51 +0800
Subject: [PATCH] qemu: add capability flag for seccomp sandbox

This series adds support to run QEMU with seccomp sandbox enabled. It can be configured in qemu.conf to on, off, or the QEMU default, which is off in 1.2. Default value is the QEMU default.
---
 src/qemu/qemu_capabilities.c | 3 +++
 src/qemu/qemu_capabilities.h | 1 +
 2 files changed, 4 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index edfe1e7653..278b550945 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -179,6 +179,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST,
 "usb-redir.filter",
 "ide-drive.wwn",
 "scsi-disk.wwn",
+ "seccomp-sandbox",
 );
 struct _qemuCaps {
@@ -1199,6 +1200,8 @@ qemuCapsComputeCmdFlags(const char *help,
 }
 if (strstr(help, "-smbios type"))
 qemuCapsSet(caps, QEMU_CAPS_SMBIOS_TYPE);
+ if (strstr(help, "-sandbox"))
+ qemuCapsSet(caps, QEMU_CAPS_SECCOMP_SANDBOX);
 if ((netdev = strstr(help, "-netdev"))) {
 /* Disable -netdev on 0.12 since although it exists,
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index fb1841a973..4da2a292e2 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -144,6 +144,7 @@ enum qemuCapsFlags {
 QEMU_CAPS_USB_REDIR_FILTER = 106, /* usb-redir.filter */
 QEMU_CAPS_IDE_DRIVE_WWN = 107, /* Is ide-drive.wwn available? */
 QEMU_CAPS_SCSI_DISK_WWN = 108, /* Is scsi-disk.wwn available? */
+ QEMU_CAPS_SECCOMP_SANDBOX = 109, /* -sandbox */
 QEMU_CAPS_LAST, /* this must always be the last item */
 };
--
GitLab
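Review bot: The `strstr(help, "-sandbox")` test added in the qemuCapsComputeCmdFlags hunk records only that the help text mentions the option, so QEMU_CAPS_SECCOMP_SANDBOX should not be read as proof that seccomp filtering is compiled into that binary or will be enforced. Whether a QEMU built without seccomp still lists `-sandbox` is not visible here and is worth confirming before any caller enables the sandbox on the strength of this flag alone. I would say so on the check, e.g. `/* -sandbox is advertised in -help; this does not prove seccomp support was built in */`, and expand the bare `/* -sandbox */` comment on the new enum value in qemu_capabilities.h the same way. The body of qemuCapsComputeCmdFlags starts and ends outside the hunk.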