在 2018/5/18 下午9:07, Ján Tomko 写道:
On Fri, May 18, 2018 at 11:19:16AM +0200, Eduardo Otubo wrote:
On 18/05/2018 - 09:52:12, Ján Tomko wrote:
On Thu, May 17, 2018 at 02:41:09PM +0200, Eduardo Otubo wrote:
> On 15/05/2018 - 19:33:48, Yi Min Zhao wrote:
> > If CONFIG_SECCOMP is undefined, the option 'elevateprivileges'
remains
> > compiled. This would make libvirt set the corresponding
capability and
> > then trigger the guest startup fails. So this patch excludes the
code
> > regarding seccomp staff if CONFIG_SECCOMP is undefined.
>
> Just a sugestion for the next patch you send: If it's a single
patch, you don't
> need to format it with a cover-letter. Just put all the
description in the body,
> or if you need to add a text that shouldn't be included in the
commit message,
> just add it after the "---" after Signed-off-by.
>
> >
> > Signed-off-by: Yi Min Zhao <zyi...@linux.ibm.com>
> > ---
> > vl.c | 13 ++++++++-----
> > 1 file changed, 8 insertions(+), 5 deletions(-)
> >
[...]
Current libvirt logic assumes the -sandbox option is always present.
(IIRC it was introduced in QEMU 1.1 and when we switched from help
scraping to capability probing via QMP for QEMU 1.2, there was no
way to detect it)
This patch fixes the usage of QEMU new enough for seccomp blacklist
(where libvirt enables the sandbox by default),
but breaks the usage of QEMU with compiled out sandbox and
setting
seccomp_sandbox = 0
in libvirt's qemu.conf:
error: internal error: process exited while connecting to monitor:
qemu-git: -sandbox off: There is no option group 'sandbox'
But now libvirt requires QEMU >= 1.5.0 which already supports
query-command-line-options, so if you want the option gone completely
--without-seccomp, I can add the code that probes for it and
make seccomp_sandbox = 0 a no-op if it's compiled out.
This looks like a good solution for the libvirt side. Can you add
this support
so we can merge this fix?
Patches proposed:
https://www.redhat.com/archives/libvir-list/2018-May/msg01430.html
Jano
Thanks for your work!
