On Fri, Jun 19, 2020 at 10:32:42 +0100, Daniel Berrange wrote:
> The concept we're really testing for is whether QEMU supports
> the seccomp syscall filter groups. We need to keep one place
> using the old term to deal with upgrades from existing hosts
> with running VMs.
>
> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
> ---
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 72874ee4fd..56ec5c0352 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
> if (str) {
> int flag = virQEMUCapsTypeFromString(str);
> if (flag < 0) {
> - virReportError(VIR_ERR_INTERNAL_ERROR,
> - _("Unknown qemu capabilities flag %s"),
> str);
> - goto error;
> + if (g_str_equal(str, "seccomp-blacklist")) {
> + flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
> + } else {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Unknown qemu capabilities flag
> %s"), str);
I think this should become an array so that we can extend it arbitrarily
later. This concept may come in useful.
Additionally making it with a proper explanation will prevent us from
having a magic constant in a random place in the code without proper
explanation.
