On 05/07/2018 05:32 AM, Yi Min Zhao wrote: > 1. Problem Description > ====================== > If QEMU is built without seccomp support, 'elevatorprivileges' remains compiled. > This option of sandbox is treated as an indication for seccomp blacklist support > in libvirt. This behavior is introduced by the libvirt commits 31ca6a5 and > 3527f9d. It would make libvirt build wrong QEMU cmdline, and then the guest > startup would fail. Adding libvirt list. This would still fail with older QEMUs, so the question is if we should also OR instead change something in libvirt. > > 2. Libvirt Log > ============== > qemu-system-s390x: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\ > resourcecontrol=deny: seccomp support is disabled > > 3. Fixup > ======== > Wrap the options except 'enable' for qemu_sandbox_opts by CONFIG_SECCOMP. > > Yi Min Zhao (1): > sandbox: avoid to compile options if CONFIG_SECCOMP undefined > > vl.c | 2 ++ > 1 file changed, 2 insertions(+) > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
