From: Ján Tomko Date: Tue, 18 Sep 2012 07:24:51 +0000 (+0800) Subject: qemu: add capability flag for seccomp sandbox X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=ede22e58ff90ffe080e31cea7dc19d41c8b85529;p=people%2Fliuw%2Flibxenctrl-split%2Flibvirt.git qemu: add capability flag for seccomp sandbox This series adds support to run QEMU with seccomp sandbox enabled. It can be configured in qemu.conf to on, off, or the QEMU default, which is off in 1.2. Default value is the QEMU default. --- diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index edfe1e765..278b55094 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -179,6 +179,7 @@ VIR_ENUM_IMPL(qemuCaps, QEMU_CAPS_LAST, "usb-redir.filter", "ide-drive.wwn", "scsi-disk.wwn", + "seccomp-sandbox", ); struct _qemuCaps { @@ -1199,6 +1200,8 @@ qemuCapsComputeCmdFlags(const char *help, } if (strstr(help, "-smbios type")) qemuCapsSet(caps, QEMU_CAPS_SMBIOS_TYPE); + if (strstr(help, "-sandbox")) + qemuCapsSet(caps, QEMU_CAPS_SECCOMP_SANDBOX); if ((netdev = strstr(help, "-netdev"))) { /* Disable -netdev on 0.12 since although it exists, diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index fb1841a97..4da2a292e 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -144,6 +144,7 @@ enum qemuCapsFlags { QEMU_CAPS_USB_REDIR_FILTER = 106, /* usb-redir.filter */ QEMU_CAPS_IDE_DRIVE_WWN = 107, /* Is ide-drive.wwn available? */ QEMU_CAPS_SCSI_DISK_WWN = 108, /* Is scsi-disk.wwn available? */ + QEMU_CAPS_SECCOMP_SANDBOX = 109, /* -sandbox */ QEMU_CAPS_LAST, /* this must always be the last item */ };