]> xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commitdiff
projects / people / liuw / libxenctrl-split / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ede22e5)
qemu: conf: add seccomp_sandbox option
authorJán Tomko <jtomko@redhat.com>
Mon, 17 Sep 2012 07:59:53 +0000 (09:59 +0200)
committerDaniel Veillard <veillard@redhat.com>
Tue, 18 Sep 2012 07:43:28 +0000 (15:43 +0800)
src/qemu/libvirtd_qemu.aug patch | blob | blame | history
src/qemu/qemu.conf patch | blob | blame | history
src/qemu/qemu_conf.c patch | blob | blame | history
src/qemu/qemu_conf.h patch | blob | blame | history

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b95d751e622a4d61ca4e393099f03790aa2b5ef6..91f5f772a7d176afcea91430e8b9af90d3e6eff0 100644 (file)
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -50,6 +50,7 @@ module Libvirtd_qemu =
                  | bool_entry "dynamic_ownership"
                  | str_array_entry "cgroup_controllers"
                  | str_array_entry "cgroup_device_acl"
+                 | int_entry "seccomp_sandbox"
 
    let save_entry =  str_entry "save_image_format"
                  | str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 6cd0d8038e4d1ec7744c4a246ea1a15563d1597a..18105ca926daaf6c5a739671573ef73f55d64b46 100644 (file)
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -378,3 +378,11 @@
 #
 #keepalive_interval = 5
 #keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#seccomp_sandbox = 1
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e9e15c50292d416ee542b0f6d57fd60978d311f8..91a56f1379f0667c5cc4964db3afa8c687161af7 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -129,6 +129,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 
     driver->keepAliveInterval = 5;
     driver->keepAliveCount = 5;
+    driver->seccompSandbox = -1;
 
     /* Just check the file is readable before opening it, otherwise
      * libvirt emits an error.
@@ -570,6 +571,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     CHECK_TYPE("keepalive_count", VIR_CONF_LONG);
     if (p) driver->keepAliveCount = p->l;
 
+    p = virConfGetValue(conf, "seccomp_sandbox");
+    CHECK_TYPE("seccomp_sandbox", VIR_CONF_LONG);
+    if (p) driver->seccompSandbox = p->l;
+
     virConfFree (conf);
     return 0;
 }
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ac285f6ed46d8e6fb3d2e4ed4b9b275d12edd5dc..93795a59b9942e9ef5fd530830cd38b28933857b 100644 (file)
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -152,6 +152,7 @@ struct qemud_driver {
 
     int keepAliveInterval;
     unsigned int keepAliveCount;
+    int seccompSandbox;
 };
 
 typedef struct _qemuDomainCmdlineDef qemuDomainCmdlineDef;
Unnamed repository; edit this file 'description' to name the repository.