[libvirt] [PATCH 1/2] Reintroduce QEMU_CAPS_SECCOMP_SANDBOX

Ján Tomko jtomko at redhat.com
Fri May 18 13:03:03 UTC 2018


Commit 766d5c1b deprecated the capability, because we were assuming
it for every QEMU binary. At the time of the introduction, there
was no way to probe for this via QMP.

However, since QEMU 1.5.0 (which is the earliest version we support)
we can rely on the query-command-line-options command to detect this
feature.

Signed-off-by: Ján Tomko <jtomko at redhat.com>
---
 src/qemu/qemu_capabilities.c                       | 1 +
 src/qemu/qemu_capabilities.h                       | 2 +-
 tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 +
 tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml  | 1 +
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 +
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml  | 1 +
 tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml  | 1 +
 tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml    | 1 +
 tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml    | 1 +
 tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml    | 1 +
 tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml   | 1 +
 tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml    | 1 +
 tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml    | 1 +
 tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml   | 1 +
 27 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index bface72de2..fb9fb013b5 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2496,6 +2496,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] = {
     { "machine", "loadparm", QEMU_CAPS_LOADPARM },
     { "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
     { "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
+    { "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
     { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
 };
 
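Review bot: The added `{ "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX }` row makes the capability mean "query-command-line-options lists sandbox.enable", which may not be the same as "this binary was built with seccomp support". If a QEMU built without seccomp still advertises the option group (not determinable from this patch), the flag would be set and a `-sandbox on` request would only fail when the guest starts. A short comment above the row would record this, for example `/* option is advertised by QEMU; does not by itself prove seccomp is compiled in */`, or the commit message could say which build configurations were probed. The code that consumes the capability is outside this patch (1/2), so it cannot be checked here that an explicitly requested sandbox becomes a hard error, rather than being silently dropped, when the flag is absent. The virQEMUCapsCommandLine table begins before this hunk.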
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 6f9953478a..63beb6e66c 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -199,7 +199,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
     QEMU_CAPS_USB_REDIR_FILTER, /* usb-redir.filter */
     QEMU_CAPS_IDE_DRIVE_WWN, /* Is ide-drive.wwn available? */
     QEMU_CAPS_SCSI_DISK_WWN, /* Is scsi-disk.wwn available? */
-    X_QEMU_CAPS_SECCOMP_SANDBOX, /* -sandbox */
+    QEMU_CAPS_SECCOMP_SANDBOX, /* -sandbox */
 
     /* 110 */
     QEMU_CAPS_REBOOT_TIMEOUT, /* -boot reboot-timeout */
diff --git a/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml b/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
index e7c2e9a181..b89a5ac671 100644
--- a/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
index e57dec321d..1e76b57861 100644
--- a/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
index 39ec8f9b1d..af80238230 100644
--- a/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
index afe0882dde..6ea2f21b66 100644
--- a/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
index 5904306848..3e26e8afaf 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml
@@ -35,6 +35,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
index 2912c8d66b..63760f3d9d 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
index 518788ac13..08e7b1d2b8 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
index 77ca3013b5..a8c79ecb7e 100644
--- a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
index 9adca9d46b..4d1c808917 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
index de41d96cd0..44c78cfac2 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -35,6 +35,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index fc26f934ee..4ade335b39 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
index bdfb81c998..ebec23d872 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 820b3ef759..06ed284488 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -44,6 +44,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
index 871eb5e4a7..7b4126d109 100644
--- a/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
index 90dce5a700..c9e497f7e7 100644
--- a/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml
index 4298548948..188d87f1a0 100644
--- a/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml
@@ -37,6 +37,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml
index 07cdc49b03..9862b9fc6d 100644
--- a/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml
@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
index 4c6371a6cd..cfb202bc8e 100644
--- a/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml
index f86fc5c0c0..49b3cb2dfa 100644
--- a/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml
index c322d18d7d..02eff02d45 100644
--- a/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
index 84546b72b9..985a4114c5 100644
--- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
index 7c329ad4c7..7b4f9beac1 100644
--- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml
index cfc9405095..c9aae0b1f0 100644
--- a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml
@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml
index 96521efb8a..2bcda54bc6 100644
--- a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml
@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
index 0701c244f6..7556e40204 100644
--- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>
-- 
2.16.1



