From: zhenwei pi
To: berrange@redhat.com, libvir-list@redhat.com
Cc: zhenwei.pi@youruncloud.com
Date: Fri, 18 May 2018 19:37:33 +0800
Message-Id: <1526643453-9608-1-git-send-email-zhenwei.pi@youruncloud.com>
Subject: [libvirt] [PATCH] set default seccompSandbox as 0 for qemu

start qemu fail :
qemu-system-x86_64: -sandbox on,obsolete=deny,
elevateprivileges=deny,spawn=deny,resourcecontrol=deny: seccomp support is disabled

libvirt version : 4.3
qemu version : 2.12
reproducer : recompile qemu with ./configure --disable-seccomp, or remove libseccomp package.

with default seccompSandbox -1, libvirt tries to get config from qemu cmdline.
if qemu disables seccomp (or misses seccomp package), qemu still reports sandbox help message. libvirt is mistaken about qemu's real capability.

set default seccompSandbox as 0 in code, and still get user conf from qemu.conf. if user wants to enable seccomp, he should check qemu first, then use the right qemu.conf.

Signed-off-by: zhenwei pi
--- src/qemu/qemu_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 277ab83..d17b4b1 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -313,7 +313,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) =20 cfg->keepAliveInterval =3D 5; cfg->keepAliveCount =3D 5; - cfg->seccompSandbox =3D -1; + cfg->seccompSandbox =3D 0; =20 cfg->logTimestamp =3D true; cfg->glusterDebugLevel =3D 4; --=20 2.7.4
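
Review bot: In virQEMUDriverConfigNew, changing `cfg->seccompSandbox` from -1 to 0 turns the sandbox off by default on every host, including those whose QEMU was built with seccomp, in order to work around what the commit message itself describes as a capability misdetection (QEMU still reports the sandbox help text when seccomp is disabled). That trades a start-up failure on some builds for a silent loss of syscall filtering on all of them unless the administrator opts back in through qemu.conf. I would keep the -1 default and fix the detection so that -sandbox is only added when QEMU actually supports it. If the default does change, note that the diffstat shows only src/qemu/qemu_conf.c touched, so the user-facing description of this setting's default needs the same update.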