[libvirt] [PATCH] qemu: clear seccomp capability if TSYNC is not supported by host

Ján Tomko jtomko at redhat.com
Thu Aug 30 12:25:53 UTC 2018


On Thu, Aug 30, 2018 at 02:09:41PM +0200, marcandre.lureau at redhat.com wrote:
>From: Marc-André Lureau <marcandre.lureau at redhat.com>
>
>With qemu <= 3.0, when using "-seccomp on", the seccomp policy is only
>applied to the main thread, the vcpu worker thread and other worker
>threads created after seccomp policy is applied; the seccomp policy is
>not applied to e.g. the RCU thread because it is created before the
>seccomp policy is applied.
>
>Since qemu commit 70dfabeaa79ba4d7a3b699abe1a047c8012db114 "seccomp:
>set the seccomp filter to all threads", qemu will require seccomp
>TSYNC flag, and will fail to start if the flag isn't available.
>
>Without it, sandboxing is flawed. Disable seccomp capability if the
>host is not capable of using seccomp TSYNC.
>

Is there a reason for qemu to advertise 'sandbox' in
query-commandline-options if it's not usable?

Copying the QEMU logic in libvirt does not seem sustainable.

Jano

>Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
>---
> configure.ac                 |  2 +-
> src/qemu/qemu_capabilities.c | 27 +++++++++++++++++++++++++++
> 2 files changed, 28 insertions(+), 1 deletion(-)
>
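
The host-side question the commit message raises (can this kernel apply a seccomp filter with the TSYNC flag?), as an added example that is not the patch's code, whose hunks do not appear in this message. It calls seccomp(2) with the TSYNC flag and a NULL filter, so nothing is installed and the errno alone shows whether the kernel knows the flag; the function and enum names are hypothetical.

```c
/* Added example: probe whether the host kernel accepts SECCOMP_FILTER_FLAG_TSYNC. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Fallbacks so the file builds without <linux/seccomp.h>; values match the kernel UAPI. */
#ifndef SECCOMP_SET_MODE_FILTER
# define SECCOMP_SET_MODE_FILTER 1
#endif
#ifndef SECCOMP_FILTER_FLAG_TSYNC
# define SECCOMP_FILTER_FLAG_TSYNC 1UL
#endif

enum tsync_support { TSYNC_YES, TSYNC_NO, TSYNC_UNKNOWN }; /* hypothetical names */

/* Map the errno from a probe call (filter mode, TSYNC flag, NULL filter). */
enum tsync_support classify_probe_errno(int err)
{
    switch (err) {
    case EFAULT: return TSYNC_YES;     /* flag accepted; only the NULL filter was rejected */
    case EINVAL: return TSYNC_NO;      /* flag unknown, or filter mode not built in */
    case ENOSYS: return TSYNC_NO;      /* no seccomp(2) syscall, so no TSYNC */
    default:     return TSYNC_UNKNOWN; /* e.g. EPERM from an outer sandbox */
    }
}

enum tsync_support probe_seccomp_tsync(void)
{
#ifdef SYS_seccomp
    errno = 0;
    long rc = syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER,
                      SECCOMP_FILTER_FLAG_TSYNC, NULL);
    if (rc == 0)
        return TSYNC_UNKNOWN;          /* a NULL filter should never load */
    return classify_probe_errno(errno);
#else
    return TSYNC_NO;                   /* libc headers predate seccomp(2) */
#endif
}

int main(void)
{
    static const char *names[] = { "yes", "no", "unknown" };
    printf("seccomp TSYNC supported: %s\n", names[probe_seccomp_tsync()]);
    return 0;
}
```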