pull-seccomp-20180926
-----BEGIN PGP SIGNATURE----- iQEcBAABAgAGBQJbq4eGAAoJEN8y58Dw//mi+UEH/3wAU1gfDsizaTpo+eMHIBrA K9KZadaU2aMAUk8NEaouU+cKOpoctGLVHF979GaKJzTMPlWEupwyDhc4N0waV15L Zxnlu3UPFPOILnnzomEhmpSYJAHIfGAizjUtTh2nyotTz5MjTmuk4AFTnNKtNUvJ lp+72vhwrbIErPbKoG2poLLPe8D+A51j7/StmVdpnj2jIxdTwcTiKDe6WwjxqUXR gCalB/iTkpPB6bdXbBeWlw3Uu9Gmm6meORMYQza0SpTrOd3/vUyw0AXPYhMZufKT lFps3dI7wYNKDvT9R5ZIaQcZnngWVHQzTj4fUUs0Qz7E7B/imooxjGaxtxR6LOY= =Tfvq -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180926' into staging pull-seccomp-20180926 # gpg: Signature made Wed 26 Sep 2018 14:20:06 BST # gpg: using RSA key DF32E7C0F0FFF9A2 # gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>" # Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2 * remotes/otubo/tags/pull-seccomp-20180926: seccomp: check TSYNC host capability Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
567ea80834
@ -282,7 +282,24 @@ static QemuOptsList qemu_sandbox_opts = {
|
|||||||
|
|
||||||
static void seccomp_register(void)
|
static void seccomp_register(void)
|
||||||
{
|
{
|
||||||
qemu_add_opts(&qemu_sandbox_opts);
|
bool add = false;
|
||||||
|
|
||||||
|
/* FIXME: use seccomp_api_get() >= 2 check when released */
|
||||||
|
|
||||||
|
#if defined(SECCOMP_FILTER_FLAG_TSYNC)
|
||||||
|
int check;
|
||||||
|
|
||||||
|
/* check host TSYNC capability, it returns errno == ENOSYS if unavailable */
|
||||||
|
check = qemu_seccomp(SECCOMP_SET_MODE_FILTER,
|
||||||
|
SECCOMP_FILTER_FLAG_TSYNC, NULL);
|
||||||
|
if (check < 0 && errno == EFAULT) {
|
||||||
|
add = true;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (add) {
|
||||||
|
qemu_add_opts(&qemu_sandbox_opts);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
opts_init(seccomp_register);
|
opts_init(seccomp_register);
|
||||||
#endif
|
#endif
|
||||||
|
4
vl.c
4
vl.c
@ -3917,8 +3917,8 @@ int main(int argc, char **argv, char **envp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SECCOMP
|
#ifdef CONFIG_SECCOMP
|
||||||
if (qemu_opts_foreach(qemu_find_opts("sandbox"),
|
olist = qemu_find_opts_err("sandbox", NULL);
|
||||||
parse_sandbox, NULL, NULL)) {
|
if (olist && qemu_opts_foreach(olist, parse_sandbox, NULL, NULL)) {
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
Loading…
Reference in New Issue
Block a user