Hi
On Wed, Feb 27, 2019 at 2:22 AM David Gibson
<da...@gibson.dropbear.id.au> wrote:
>
> At present, when seccomp support is compiled out with --disable-seccomp
> we fail with an error if the user puts -sandbox on the command line.
>
> That kind of makes sense, but it's a bit strange that we reject a request
> to disable sandboxing with "-sandbox off" saying we don't support
> sandboxing.
>
> This puts in a small sandbox to (correctly) silently ignore -sandbox off
> when we don't have sandboxing support compiled in. This makes life easier
> for testcases, since they can safely specify "-sandbox off" without having
> to care if the qemu they're using is compiled with sandbox support or not.
>
> Signed-off-by: David Gibson <da...@gibson.dropbear.id.au>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com>
> ---
> vl.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index 502857a176..9d5f1b7ebb 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3857,9 +3857,11 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
> #else
> - error_report("-sandbox support is not enabled "
> - "in this QEMU binary");
> - exit(1);
> + if (!g_str_equal(optarg, "off")) {
> + error_report("-sandbox support is not enabled "
> + "in this QEMU binary");
> + exit(1);
> + }
> #endif
> break;
> case QEMU_OPTION_add_fd:
> --
> 2.20.1
>
>
--
Marc-André Lureau
