On Fri, May 18, 2018 at 11:19:16AM +0200, Eduardo Otubo wrote:
On 18/05/2018 - 09:52:12, Ján Tomko wrote:On Thu, May 17, 2018 at 02:41:09PM +0200, Eduardo Otubo wrote: > On 15/05/2018 - 19:33:48, Yi Min Zhao wrote: > > If CONFIG_SECCOMP is undefined, the option 'elevateprivileges' remains > > compiled. This would make libvirt set the corresponding capability and > > then trigger the guest startup fails. So this patch excludes the code > > regarding seccomp staff if CONFIG_SECCOMP is undefined. > > Just a sugestion for the next patch you send: If it's a single patch, you don't > need to format it with a cover-letter. Just put all the description in the body, > or if you need to add a text that shouldn't be included in the commit message, > just add it after the "---" after Signed-off-by. > > > > > Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com> > > --- > > vl.c | 13 ++++++++----- > > 1 file changed, 8 insertions(+), 5 deletions(-) > >
[...]
Current libvirt logic assumes the -sandbox option is always present. (IIRC it was introduced in QEMU 1.1 and when we switched from help scraping to capability probing via QMP for QEMU 1.2, there was no way to detect it) This patch fixes the usage of QEMU new enough for seccomp blacklist (where libvirt enables the sandbox by default), but breaks the usage of QEMU with compiled out sandbox and setting seccomp_sandbox = 0 in libvirt's qemu.conf: error: internal error: process exited while connecting to monitor: qemu-git: -sandbox off: There is no option group 'sandbox' But now libvirt requires QEMU >= 1.5.0 which already supports query-command-line-options, so if you want the option gone completely --without-seccomp, I can add the code that probes for it and make seccomp_sandbox = 0 a no-op if it's compiled out.This looks like a good solution for the libvirt side. Can you add this support so we can merge this fix?
Patches proposed: https://www.redhat.com/archives/libvir-list/2018-May/msg01430.html Jano
signature.asc
Description: Digital signature
