[libvirt PATCH 3/5] qemu: seccomp: remove dead code
Ján Tomko
jtomko at redhat.com
Fri Sep 24 14:28:45 UTC 2021
There is no QEMU we support that would need the old syntax
for -sandbox on.
Signed-off-by: Ján Tomko <jtomko at redhat.com>
---
src/qemu/qemu_command.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fa9998a191..48df8818a6 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -10119,7 +10119,6 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
return 0;
}
- /* Use blacklist by default if supported */
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
virCommandAddArgList(cmd, "-sandbox",
"on,obsolete=deny,elevateprivileges=deny,"
@@ -10128,10 +10127,6 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
return 0;
}
- /* Seccomp whitelist is opt-in */
- if (cfg->seccompSandbox > 0)
- virCommandAddArgList(cmd, "-sandbox", "on", NULL);
-
return 0;
}
--
2.31.1
More information about the libvir-list
mailing list