[Qemu-devel] [PATCH v2 0/1] Bug: Sandbox: libvirt breakdowns qemu guest

Yi Min Zhao posted 1 patch 5 years, 10 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20180515113348.10516-1-zyimin@linux.ibm.com
Test checkpatch passed
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test s390x passed
vl.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
[Qemu-devel] [PATCH v2 0/1] Bug: Sandbox: libvirt breakdowns qemu guest
Posted by Yi Min Zhao 5 years, 10 months ago
1. Problem Description
======================
If QEMU is built without seccomp support, 'elevateprivileges' remains compiled.
This option of sandbox is treated as an indication for seccomp blacklist support
in libvirt. This behavior is introduced by the libvirt commits 31ca6a5 and
3527f9d. It would make libvirt build wrong QEMU cmdline, and then the guest
startup would fail.

2. Libvirt Log
==============
qemu-system-s390x: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny: seccomp support is disabled

3. Fixup
========
Compile the code related to sandbox only when CONFIG_SECCOMP is defined.

Yi Min Zhao (1):
  sandbox: disable -sandbox if CONFIG_SECCOMP undefined

 vl.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

-- 
Yi Min