9d0fdecbad
If CONFIG_SECCOMP is undefined, the option 'elevatedprivileges' remains compiled. This would make libvirt set the corresponding capability and then trigger failure during guest startup. This patch moves the code regarding seccomp command line options to qemu-seccomp.c file and wraps qemu_opts_foreach finding sandbox option with CONFIG_SECCOMP. Because parse_sandbox() is moved into qemu-seccomp.c file, change seccomp_start() to static function.

Signed-off-by: Yi Min Zhao <zyimin@linux.ibm.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Tested-by: Ján Tomko <jtomko@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
27 lines
749 B
C
/*
 * QEMU seccomp mode 2 support with libseccomp
 *
 * Copyright IBM, Corp. 2012
 *
 * Authors:
 *  Eduardo Otubo <eotubo@br.ibm.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2.  See
 * the COPYING file in the top-level directory.
 *
 * Contributions after 2012-01-13 are licensed under the terms of the
 * GNU GPL, version 2 or (at your option) any later version.
 */
#ifndef QEMU_SECCOMP_H
#define QEMU_SECCOMP_H

#define QEMU_SECCOMP_SET_DEFAULT     (1 << 0)
#define QEMU_SECCOMP_SET_OBSOLETE    (1 << 1)
#define QEMU_SECCOMP_SET_PRIVILEGED  (1 << 2)
#define QEMU_SECCOMP_SET_SPAWN       (1 << 3)
#define QEMU_SECCOMP_SET_RESOURCECTL (1 << 4)

int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp);

#endif
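An added example (not QEMU's code and not part of this commit) of the pattern the commit message describes: the sandbox sub-options are only interpreted when CONFIG_SECCOMP is compiled in, and a build without it reports failure instead of accepting an option it cannot honour. The helper `demo_sandbox_mask`, the `DEMO_NO_SECCOMP` switch, and the sub-option names and default mask (modeled on QEMU's `-sandbox` sub-options, with `elevateprivileges=children` left out) are assumptions not taken from this page.

```c
#include <stdint.h>
#include <string.h>

/* Flag values as declared in the header above. */
#define QEMU_SECCOMP_SET_DEFAULT     (1 << 0)
#define QEMU_SECCOMP_SET_OBSOLETE    (1 << 1)
#define QEMU_SECCOMP_SET_PRIVILEGED  (1 << 2)
#define QEMU_SECCOMP_SET_SPAWN       (1 << 3)
#define QEMU_SECCOMP_SET_RESOURCECTL (1 << 4)

/* Assumption: seccomp is built in unless DEMO_NO_SECCOMP is defined. */
#ifndef DEMO_NO_SECCOMP
#define CONFIG_SECCOMP 1
#endif

/* Hypothetical helper, not QEMU's parse_sandbox(). Parses "key=value,..."
 * and fills *mask; returns -1 on bad input or a build without seccomp. */
int demo_sandbox_mask(const char *optstr, uint32_t *mask)
{
#ifdef CONFIG_SECCOMP
    static const struct { const char *key; uint32_t bit; } sets[] = {
        { "obsolete",          QEMU_SECCOMP_SET_OBSOLETE },
        { "elevateprivileges", QEMU_SECCOMP_SET_PRIVILEGED },
        { "spawn",             QEMU_SECCOMP_SET_SPAWN },
        { "resourcecontrol",   QEMU_SECCOMP_SET_RESOURCECTL },
    };
    const size_t n = sizeof(sets) / sizeof(sets[0]);
    uint32_t m = QEMU_SECCOMP_SET_DEFAULT | QEMU_SECCOMP_SET_OBSOLETE;
    const char *p = optstr;

    while (*p) {
        size_t len = strcspn(p, ",");            /* one key=value item */
        const char *eq = memchr(p, '=', len);
        size_t i, klen, vlen;
        if (!eq) return -1;
        klen = (size_t)(eq - p);
        vlen = len - klen - 1;
        for (i = 0; i < n; i++)
            if (strlen(sets[i].key) == klen && !memcmp(p, sets[i].key, klen)) break;
        if (i == n) return -1;                   /* unknown sub-option */
        if (vlen == 4 && !memcmp(eq + 1, "deny", 4)) m |= sets[i].bit;
        else if (vlen == 5 && !memcmp(eq + 1, "allow", 5)) m &= ~sets[i].bit;
        else return -1;                          /* fail closed on bad value */
        p += len;
        if (*p == ',') p++;
    }
    *mask = m;
    return 0;
#else
    (void)optstr; (void)mask;
    return -1;   /* no seccomp in this build: reject rather than advertise */
#endif
}
```

Compiling with `-DDEMO_NO_SECCOMP` takes the `#else` branch, so every option string is rejected.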