---
docs/drvqemu.html.in | 12 ++++++------
docs/kbase/qemu-passthrough-security.rst | 3 ++-
src/lxc/lxc_cgroup.c | 2 +-
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_cgroup.c | 2 +-
src/util/vircgroup.c | 2 +-
6 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in
index b6d731bb59..31d3fee213 100644
--- a/docs/drvqemu.html.in
+++ b/docs/drvqemu.html.in
@@ -468,12 +468,12 @@ chmod o+x /path/to/directory
for resource management. It is implemented via a number of "controll=
ers",
each controller covering a specific task/functional area. One of the
available controllers is the "devices" controller, which is able to
- setup whitelists of block/character devices that a cgroup should be
- allowed to access. If the "devices" controller is mounted on a host,
- then libvirt will automatically create a dedicated cgroup for each
- QEMU virtual machine and setup the device whitelist so that the QEMU
- process can only access shared devices, and explicitly disks images
- backed by block devices.
+ setup access control lists of block/character devices that a cgroup
+ should be allowed to access. If the "devices" controller is mounted =
on a
+ host, then libvirt will automatically create a dedicated cgroup for =
each
+ QEMU virtual machine and setup the device access control list so tha=
t the
+ QEMU process can only access shared devices, and explicitly assigned=
disks
+ images backed by block devices.
=20
diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-pas=
sthrough-security.rst
index 5f761cbfcb..4381d9f3a6 100644
--- a/docs/kbase/qemu-passthrough-security.rst
+++ b/docs/kbase/qemu-passthrough-security.rst
@@ -110,7 +110,8 @@ Granting access per VM
policy on a per VM basis.
=20
* Cgroups - a custom cgroup is created per VM and this will either use the
- ``devices`` controller or an ``BPF`` rule to whitelist a set of device n=
odes.
+ ``devices`` controller or an ``BPF`` rule to define an access control li=
st
+ for the set of device nodes.
There is no way to change this policy on a per VM basis.
=20
Disabling security protection per VM
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index e71f37d2b1..d13f2adde5 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -374,7 +374,7 @@ static int virLXCCgroupSetupDeviceACL(virDomainDefPtr d=
ef,
return -1;
}
=20
- VIR_DEBUG("Device whitelist complete");
+ VIR_DEBUG("Device ACL setup complete");
=20
return 0;
}
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 404961c53e..f89dbd2c3a 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -464,7 +464,7 @@
# What cgroup controllers to make use of with QEMU guests
#
# - 'cpu' - use for scheduler tunables
-# - 'devices' - use for device whitelisting
+# - 'devices' - use for device access control
# - 'memory' - use for memory tunables
# - 'blkio' - use for block devices I/O tunables
# - 'cpuset' - use for CPUs and memory nodes
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d92202f847..57c5b6e69b 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -745,7 +745,7 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm)
if (rv < 0) {
if (virLastErrorIsSystemErrno(EPERM)) {
virResetLastError();
- VIR_WARN("Group devices ACL is not accessible, disabling white=
listing");
+ VIR_WARN("Group devices ACL is not accessible, disabling filte=
ring");
return 0;
}
=20
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index bb535df4f2..e20cc71c78 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -773,7 +773,7 @@ virCgroupSetPartitionSuffix(const char *path, char **re=
s)
return ret;
=20
for (i =3D 0; tokens[i] !=3D NULL; i++) {
- /* Whitelist the 3 top level fixed dirs
+ /* Special case the 3 top level fixed dirs
* NB i =3D=3D 0 is "", since we have leading '/'
*/
if (i =3D=3D 1 &&
--=20
2.24.1
From nobody Fri Apr 19 04:42:48 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
207.211.31.120 as permitted sender) client-ip=207.211.31.120;
envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com;
Authentication-Results: mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass(p=none dis=none) header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1592559663; cv=none;
d=zohomail.com; s=zohoarc;
b=b59vQwEXFz9nSubPfuuBa81ywYMu8lkkFtQndllKjgkShCCYEh+EaMIcVMBiElVDda9I1Dtt7oeKOgiZTQ7IXLVwUzeAIJDFDLAc7Z4I/keuVmQy7EKJdlVIFPzQ/U+a3GlZnsZZStSmj36lc5NmTb8AiuphMqXYpwKcjlGMaNg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1592559663;
h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
bh=r5NB1mhx1yuUCo1vrQeNt/z5vPGjdkJBb4iwz9u5Ctw=;
b=eS0qcKNy2381KeSoiz7sd2asz47khwYWxJIE8DkA+K8FK4uMwMNMn8BEIMtRk2TnX2S+m08srhTOYLqTlSDcHJffsgmel0VHa9yUlJpz0VP0+Pc8n6kTJhWNT/dj+dHO1WbWB+ZkNUhT6K5neNzPEtrgpGxx+rXfoc9rPd7lYcw=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass header.from= (p=none dis=none)
header.from=
Return-Path:
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
[207.211.31.120]) by mx.zohomail.com
with SMTPS id 1592559663828608.1109679685013;
Fri, 19 Jun 2020 02:41:03 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
[209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
us-mta-425-WMvcy_N3NTSFQxkeWr9sWA-1; Fri, 19 Jun 2020 05:40:31 -0400
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
[10.5.11.15])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 89206106B242;
Fri, 19 Jun 2020 09:40:25 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 6A83E5BAC7;
Fri, 19 Jun 2020 09:40:25 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3D177833C3;
Fri, 19 Jun 2020 09:40:25 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
[10.5.11.11])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id 05J9e6Yp004822 for ;
Fri, 19 Jun 2020 05:40:06 -0400
Received: by smtp.corp.redhat.com (Postfix)
id B0D617166A; Fri, 19 Jun 2020 09:40:06 +0000 (UTC)
Received: from catbus.gsslab.fab.redhat.com (mustard.gsslab.fab.redhat.com
[10.33.8.112])
by smtp.corp.redhat.com (Postfix) with ESMTP id 1EB5871662;
Fri, 19 Jun 2020 09:40:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1592559662;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:list-id:list-help:
list-unsubscribe:list-subscribe:list-post;
bh=r5NB1mhx1yuUCo1vrQeNt/z5vPGjdkJBb4iwz9u5Ctw=;
b=ftXIvwcW6QmnLc8YdTTgNQ4PeyirnMwe94QqMZEKjKcF8hPaCcmfKW3kESJuRa8e1SWkLD
Lri+ri5TJtKOuqxnh14wvtjD3J1+4UFfch9nDoBqsUM0W+3Q8Ex8hwDOpIOiKYg3bP8GpM
aUgSNSO7DZUbj2l8Bu8IvEaabcLDERA=
X-MC-Unique: WMvcy_N3NTSFQxkeWr9sWA-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
To: libvir-list@redhat.com
Subject: [libvirt PATCH 04/23] qemu: remove use of the terms 'whitelist' and
'blacklist' from CPU code
Date: Fri, 19 Jun 2020 10:32:41 +0100
Message-Id: <20200619093300.2211535-5-berrange@redhat.com>
In-Reply-To: <20200619093300.2211535-1-berrange@redhat.com>
References: <20200619093300.2211535-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
When listing CPU models, we need to filter the data based on sets
of permitted and forbidden CPU models.
Signed-off-by: Daniel P. Berrang=C3=A9
Reviewed-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 18 +++++++++---------
src/qemu/qemu_capabilities.h | 4 ++--
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 484fff99e5..68fcbd3c4f 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2256,8 +2256,8 @@ virQEMUCapsAddCPUDefinitions(virQEMUCapsPtr qemuCaps,
=20
static virDomainCapsCPUModelsPtr
virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr defs,
- const char **modelWhitelist,
- const char **modelBlacklist)
+ const char **modelAllowed,
+ const char **modelForbidden)
{
g_autoptr(virDomainCapsCPUModels) cpuModels =3D NULL;
size_t i;
@@ -2268,10 +2268,10 @@ virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr de=
fs,
for (i =3D 0; i < defs->ncpus; i++) {
qemuMonitorCPUDefInfoPtr cpu =3D defs->cpus + i;
=20
- if (modelWhitelist && !virStringListHasString(modelWhitelist, cpu-=
>name))
+ if (modelAllowed && !virStringListHasString(modelAllowed, cpu->nam=
e))
continue;
=20
- if (modelBlacklist && virStringListHasString(modelBlacklist, cpu->=
name))
+ if (modelForbidden && virStringListHasString(modelForbidden, cpu->=
name))
continue;
=20
if (virDomainCapsCPUModelsAdd(cpuModels, cpu->name, cpu->usable,
@@ -2286,15 +2286,15 @@ virQEMUCapsCPUDefsToModels(qemuMonitorCPUDefsPtr de=
fs,
virDomainCapsCPUModelsPtr
virQEMUCapsGetCPUModels(virQEMUCapsPtr qemuCaps,
virDomainVirtType type,
- const char **modelWhitelist,
- const char **modelBlacklist)
+ const char **modelAllowed,
+ const char **modelForbidden)
{
qemuMonitorCPUDefsPtr defs;
=20
if (!(defs =3D virQEMUCapsGetAccel(qemuCaps, type)->cpuModels))
return NULL;
=20
- return virQEMUCapsCPUDefsToModels(defs, modelWhitelist, modelBlacklist=
);
+ return virQEMUCapsCPUDefsToModels(defs, modelAllowed, modelForbidden);
}
=20
=20
@@ -5976,14 +5976,14 @@ virQEMUCapsFillDomainCPUCaps(virQEMUCapsPtr qemuCap=
s,
if (virQEMUCapsIsCPUModeSupported(qemuCaps, hostarch, domCaps->virttyp=
e,
VIR_CPU_MODE_CUSTOM,
domCaps->machine)) {
- const char *blacklist[] =3D { "host", NULL };
+ const char *forbidden[] =3D { "host", NULL };
VIR_AUTOSTRINGLIST models =3D NULL;
=20
if (virCPUGetModels(domCaps->arch, &models) >=3D 0) {
domCaps->cpu.custom =3D virQEMUCapsGetCPUModels(qemuCaps,
domCaps->virttyp=
e,
(const char **)m=
odels,
- blacklist);
+ forbidden);
} else {
domCaps->cpu.custom =3D NULL;
}
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 92d42ed80b..ad93816d41 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -629,8 +629,8 @@ int virQEMUCapsAddCPUDefinitions(virQEMUCapsPtr qemuCap=
s,
virDomainCapsCPUUsable usable);
virDomainCapsCPUModelsPtr virQEMUCapsGetCPUModels(virQEMUCapsPtr qemuCaps,
virDomainVirtType type,
- const char **modelWhitel=
ist,
- const char **modelBlackl=
ist);
+ const char **modelAllowe=
d,
+ const char **modelForbid=
den);
int virQEMUCapsFetchCPUModels(qemuMonitorPtr mon,
virArch arch,
virDomainCapsCPUModelsPtr *cpuModels);
--=20
2.24.1
From nobody Fri Apr 19 04:42:48 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
207.211.31.81 as permitted sender) client-ip=207.211.31.81;
envelope-from=libvir-list-bounces@redhat.com;
helo=us-smtp-delivery-1.mimecast.com;
Authentication-Results: mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass(p=none dis=none) header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1592559682; cv=none;
d=zohomail.com; s=zohoarc;
b=OHXXH2JUae7yfHF/qvg5HwSR4/0Fs18MPgBKpcA66JL2yXmQIgUy66mRIWL0Nq+N0SLk+GHj9wqg2GDaYw/4vg7Y6imsqqSEUsPUGHRomsvn6iZWI8N5G+qcxuaa191TidmxGJkDRhVocil6Q6DH9Ko7+8f8QC26o4sJiYkwNvw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1592559682;
h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
bh=OJGFAB5/T/3AMs+FDpFXzudYIgSMLJWG9UbGuiw6ft4=;
b=McemewAszba38RXk22cjuDuPdw4Nfcc3koPBMX4V9GaCC90MqwO+7Rf1mLZWFDGCg81yeF3EFRfR1V/WOlZNf0bfVT2xRHOWBc26hd41uwIPMO9vIqRc2uju68JeJYHyFnIkHz8n1j8qUiVDM28KEB0RKaiaKUcXMLlKjTGZ/sI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass;
spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com;
dmarc=pass header.from= (p=none dis=none)
header.from=
Return-Path:
Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com
[207.211.31.81]) by mx.zohomail.com
with SMTPS id 1592559682637811.3700330854342;
Fri, 19 Jun 2020 02:41:22 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
[209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
us-mta-391-4yZAm_WzNwKgBaOCqbOsMA-1; Fri, 19 Jun 2020 05:40:29 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
[10.5.11.22])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 65342872FEB;
Fri, 19 Jun 2020 09:40:23 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 40DEB10013C4;
Fri, 19 Jun 2020 09:40:23 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 119B3833D1;
Fri, 19 Jun 2020 09:40:23 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
[10.5.11.11])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id 05J9e7Yj004829 for ;
Fri, 19 Jun 2020 05:40:07 -0400
Received: by smtp.corp.redhat.com (Postfix)
id B89C371662; Fri, 19 Jun 2020 09:40:07 +0000 (UTC)
Received: from catbus.gsslab.fab.redhat.com (mustard.gsslab.fab.redhat.com
[10.33.8.112])
by smtp.corp.redhat.com (Postfix) with ESMTP id 0422F71663;
Fri, 19 Jun 2020 09:40:06 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1592559681;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references:list-id:list-help:
list-unsubscribe:list-subscribe:list-post;
bh=OJGFAB5/T/3AMs+FDpFXzudYIgSMLJWG9UbGuiw6ft4=;
b=BTm6DGsKcbfJW5x8xfS7SpptFekij3FThfFwsuMh6DEerMxSHMQ1X7G5/a87x3xa10lyZ4
w+u1sACCxEQAN1uEoZ+m06uHWQArrDAO8YeLnYR3ZVq1zCJyY3vmTzozwWakpKFQiP8Whv
RIswo1UQO6DwJK1tADXKt3UZpn6rsD8=
X-MC-Unique: 4yZAm_WzNwKgBaOCqbOsMA-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
To: libvir-list@redhat.com
Subject: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in
seccomp capability
Date: Fri, 19 Jun 2020 10:32:42 +0100
Message-Id: <20200619093300.2211535-6-berrange@redhat.com>
In-Reply-To: <20200619093300.2211535-1-berrange@redhat.com>
References: <20200619093300.2211535-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.
Signed-off-by: Daniel P. Berrang=C3=A9
---
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_capabilities.c | 4 ++--
src/qemu/qemu_capabilities.h | 2 +-
src/qemu/qemu_command.c | 4 ++--
src/qemu/qemu_domain.c | 10 +++++++---
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 +-
tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml | 2 +-
tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml | 2 +-
tests/qemustatusxml2xmldata/backup-pull-in.xml | 2 +-
tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml | 2 +-
tests/qemuxml2argvtest.c | 2 +-
37 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index f89dbd2c3a..99b9ce53e5 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -704,7 +704,7 @@
# If it is unset (or -1), then seccomp will be enabled
# only if QEMU >=3D 2.11.0 is detected, otherwise it is
# left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# protection for new QEMU with filter groups.
#
#seccomp_sandbox =3D 1
=20
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 68fcbd3c4f..310be800e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 285 */
"qcow2-luks",
"pcie-pci-bridge",
- "seccomp-blacklist",
+ "seccomp-filter-groups",
"query-cpus-fast",
"disk-write-cache",
=20
@@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCaps=
CommandLine[] =3D {
{ "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
{ "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
{ "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
- { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
+ { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_FILTER_GROUPS },
{ "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
{ "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
{ "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ad93816d41..0ee3e357cb 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
/* 285 */
QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
- QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
+ QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cach=
e param */
=20
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f27246b4c6..37113a433a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
return 0;
}
=20
- /* Use blacklist by default if supported */
- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+ /* Block undesirable syscall groups by default if supported */
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
virCommandAddArgList(cmd, "-sandbox",
"on,obsolete=3Ddeny,elevateprivileges=3Ddeny,"
"spawn=3Ddeny,resourcecontrol=3Ddeny",
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
if (str) {
int flag =3D virQEMUCapsTypeFromString(str);
if (flag < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unknown qemu capabilities flag %s"),=
str);
- goto error;
+ if (g_str_equal(str, "seccomp-blacklist")) {
+ flag =3D QEMU_CAPS_SECCOMP_FILTER_GROUPS;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown qemu capabilities flag %=
s"), str);
+ goto error;
+ }
}
virQEMUCapsSet(qemuCaps, flag);
}
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemuc=
apabilitiesdata/caps_2.11.0.s390x.xml
index 0391f4b81e..9822f50827 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -99,7 +99,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml b/tests/qemu=
capabilitiesdata/caps_2.11.0.x86_64.xml
index 9eaafb4ba6..3e5e3b4ad3 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
@@ -173,7 +173,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qem=
ucapabilitiesdata/caps_2.12.0.aarch64.xml
index a5d6dc3bef..3c5f8235fe 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -134,7 +134,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemuc=
apabilitiesdata/caps_2.12.0.ppc64.xml
index d1ed9f6e28..e5a02c382e 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -131,7 +131,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemuc=
apabilitiesdata/caps_2.12.0.s390x.xml
index cef6ebb9ad..238b05240c 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -99,7 +99,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu=
capabilitiesdata/caps_2.12.0.x86_64.xml
index 6d48699e3e..6011f2f4a2 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -170,7 +170,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml b/tests/qemuca=
pabilitiesdata/caps_3.0.0.ppc64.xml
index e4a560bac5..a1643260ab 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -130,7 +130,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml b/tests/qemu=
capabilitiesdata/caps_3.0.0.riscv32.xml
index 71f9b0c37f..6d1e3d8cd5 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
@@ -75,7 +75,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml b/tests/qemu=
capabilitiesdata/caps_3.0.0.riscv64.xml
index 279078d541..a6994acac3 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
@@ -75,7 +75,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml b/tests/qemuca=
pabilitiesdata/caps_3.0.0.s390x.xml
index f1ed34c612..4d80f9c6ba 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
@@ -101,7 +101,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_3.0.0.x86_64.xml
index ae1836b28f..e31cb7c345 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -172,7 +172,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml b/tests/qemuca=
pabilitiesdata/caps_3.1.0.ppc64.xml
index 0dc0393c22..d01de900c9 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
@@ -131,7 +131,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_3.1.0.x86_64.xml
index d4ff21fdac..177dedbfb5 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
@@ -172,7 +172,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml b/tests/qemu=
capabilitiesdata/caps_4.0.0.aarch64.xml
index 404a39af03..7afec03c2f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
@@ -135,7 +135,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml b/tests/qemuca=
pabilitiesdata/caps_4.0.0.ppc64.xml
index cb0232173c..81ed3b58de 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
@@ -138,7 +138,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml b/tests/qemu=
capabilitiesdata/caps_4.0.0.riscv32.xml
index 11475306f9..bfb38b6eae 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
@@ -139,7 +139,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml b/tests/qemu=
capabilitiesdata/caps_4.0.0.riscv64.xml
index 608590a35b..801a7c368e 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
@@ -139,7 +139,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml b/tests/qemuca=
pabilitiesdata/caps_4.0.0.s390x.xml
index f4d20169e0..0be526ce7f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
@@ -101,7 +101,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_4.0.0.x86_64.xml
index 0e66a4c847..930f508048 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
@@ -171,7 +171,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_4.1.0.x86_64.xml
index f2d3902e6c..e1481979e8 100644
--- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
@@ -171,7 +171,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml b/tests/qemu=
capabilitiesdata/caps_4.2.0.aarch64.xml
index 98cee36669..bc643545ac 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
@@ -137,7 +137,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml b/tests/qemuca=
pabilitiesdata/caps_4.2.0.ppc64.xml
index 70c826e0cf..ed3c865747 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
@@ -138,7 +138,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml b/tests/qemuca=
pabilitiesdata/caps_4.2.0.s390x.xml
index 0b174ffeec..335a06d897 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
@@ -101,7 +101,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_4.2.0.x86_64.xml
index eaf71eb469..009536f0b4 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
@@ -172,7 +172,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml b/tests/qemu=
capabilitiesdata/caps_5.0.0.aarch64.xml
index f2d691734f..b2f6e0ed30 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -139,7 +139,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemuca=
pabilitiesdata/caps_5.0.0.ppc64.xml
index b3f673b0f6..c9cb2c0639 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -140,7 +140,7 @@
-
+
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml b/tests/qemu=
capabilitiesdata/caps_5.0.0.riscv64.xml
index 3119f6deb7..75c2fbfd54 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -139,7 +139,7 @@