[libvirt] [PATCHv2 2/4] qemu: conf: add seccomp_sandbox option

Ján Tomko jtomko at redhat.com
Wed Sep 12 08:03:00 UTC 2012


---
 src/qemu/libvirtd_qemu.aug |    1 +
 src/qemu/qemu.conf         |    8 ++++++++
 src/qemu/qemu_conf.c       |    5 +++++
 src/qemu/qemu_conf.h       |    1 +
 4 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index b95d751..91f5f77 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -50,6 +50,7 @@ module Libvirtd_qemu =
                  | bool_entry "dynamic_ownership"
                  | str_array_entry "cgroup_controllers"
                  | str_array_entry "cgroup_device_acl"
+                 | int_entry "seccomp_sandbox"
 
    let save_entry =  str_entry "save_image_format"
                  | str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 6cd0d80..18105ca 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -378,3 +378,11 @@
 #
 #keepalive_interval = 5
 #keepalive_count = 5
+
+
+
+# Use seccomp syscall whitelisting in QEMU.
+# 1 = on, 0 = off, -1 = use QEMU default
+# Defaults to -1.
+#
+#seccomp_sandbox = 1
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index e9e15c5..91a56f1 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -129,6 +129,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
 
     driver->keepAliveInterval = 5;
     driver->keepAliveCount = 5;
+    driver->seccompSandbox = -1;
 
     /* Just check the file is readable before opening it, otherwise
      * libvirt emits an error.
@@ -570,6 +571,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver,
     CHECK_TYPE("keepalive_count", VIR_CONF_LONG);
     if (p) driver->keepAliveCount = p->l;
 
+    p = virConfGetValue(conf, "seccomp_sandbox");
+    CHECK_TYPE("seccomp_sandbox", VIR_CONF_LONG);
+    if (p) driver->seccompSandbox = p->l;
+
     virConfFree (conf);
     return 0;
 }
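Review bot: The value read at `if (p) driver->seccompSandbox = p->l;` is stored with no range check, so any long other than -1, 0 or 1 is accepted and silently narrowed into the int field, even though the qemu.conf text in this series documents only those three values. The keepalive settings just above are read the same way, so this matches the file's existing style, but for a security-relevant switch an out-of-range value should fail the config load rather than be passed on to whatever later consumes the field. A guard such as `if (p && (p->l < -1 || p->l > 1))` reporting the bad value and bailing out the same way CHECK_TYPE does would make the accepted domain explicit. qemudLoadDriverConfig starts outside this hunk, so I cannot see which error path CHECK_TYPE takes.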
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index ac285f6..93795a5 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -152,6 +152,7 @@ struct qemud_driver {
 
     int keepAliveInterval;
     unsigned int keepAliveCount;
+    int seccompSandbox;
 };
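Review bot: The new `seccompSandbox` member carries no comment describing its encoding, so a reader of the header has to find the qemu.conf text to learn that -1 is not a simple boolean; the neighbouring keepalive fields are at least self-describing by name. Suggested line: `int seccompSandbox; /* 1 = on, 0 = off, -1 = leave QEMU's default */`. struct qemud_driver begins outside this hunk.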
 
 typedef struct _qemuDomainCmdlineDef qemuDomainCmdlineDef;
-- 
1.7.8.6



