qemu-devel

Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug


From: Corey Bryant
Subject: Re: [Qemu-devel] [PATCH 4/4] Warning messages on net devices hotplug
Date: Thu, 18 Oct 2012 10:59:49 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121009 Thunderbird/16.0



On 10/17/2012 09:15 AM, Eduardo Otubo wrote:
With the inclusion of the new "double whitelist" seccomp filter, Qemu
won't be able to execve() in runtime, thus, no hotplug net devices
allowed.

Signed-off-by: Eduardo Otubo <address@hidden>
---
  hmp.c |  6 ++++++
  net.c | 13 +++++++++++++
  2 files changed, 19 insertions(+)

diff --git a/hmp.c b/hmp.c
index 70bdec2..f258338 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1091,6 +1091,12 @@ void hmp_netdev_add(Monitor *mon, const QDict *qdict)
      Error *err = NULL;
      QemuOpts *opts;

+#ifdef CONFIG_SECCOMP
+    error_set(&err, ERROR_CLASS_GENERIC_ERROR,
+            "Cannot hotplug TAP device when -sandbox is in effect");
+    goto out;
+#endif
+
      opts = qemu_opts_from_qdict(qemu_find_opts("netdev"), qdict, &err);
      if (error_is_set(&err)) {
          goto out;
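
Review bot: the `#ifdef CONFIG_SECCOMP` guard at the top of hmp_netdev_add() is a compile-time test, so on any build with seccomp support the error is set and `goto out` is taken even when -sandbox was not passed, and everything from qemu_opts_from_qdict() onward becomes unreachable. The message says "when -sandbox is in effect", so the condition should be a runtime test of whether the sandbox was actually enabled, kept inside the #ifdef.
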
diff --git a/net.c b/net.c
index ae4bc0d..a652ee9 100644
--- a/net.c
+++ b/net.c
@@ -752,6 +752,12 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
      Error *local_err = NULL;
      QemuOpts *opts;

+#ifdef CONFIG_SECCOMP
+    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
+            "Cannot hotplug TAP device when -sandbox is in effect");
+    goto out;
+#endif
+
      if (!net_host_check_device(device)) {
          monitor_printf(mon, "invalid host network device %s\n", device);
          return;
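
Review bot: in net_host_device_add() the new block sits before `net_host_check_device(device)`, so the rejection applies to every value of `device` while the message names TAP, and an invalid device name now gets the sandbox error instead of "invalid host network device". Consider moving the check below the validation and testing `device` for the backends that actually need execve(), or dropping "TAP" from the text.
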
@@ -765,6 +771,7 @@ void net_host_device_add(Monitor *mon, const QDict *qdict)
      qemu_opt_set(opts, "type", device);

      net_client_init(opts, 0, &local_err);
+out:
      if (error_is_set(&local_err)) {
          qerror_report_err(local_err);
          error_free(local_err);
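
Review bot: the `out:` label is added unconditionally, but the only `goto out` in this patch is inside `#ifdef CONFIG_SECCOMP`, so a build without CONFIG_SECCOMP is left with an unused label and a -Wunused-label warning. Either put the label under the same #ifdef or restructure so the early exit does not need a label that exists only for the seccomp case.
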
@@ -800,6 +807,12 @@ int qmp_netdev_add(Monitor *mon, const QDict *qdict, 
QObject **ret)
      QemuOptsList *opts_list;
      QemuOpts *opts;

+#ifdef CONFIG_SECCOMP
+    error_set(&local_err, ERROR_CLASS_GENERIC_ERROR,
+            "Cannot hotplug TAP device when -sandbox is in effect");
+    goto exit_err;
+#endif
+
      opts_list = qemu_find_opts_err("netdev", &local_err);
      if (error_is_set(&local_err)) {
          goto exit_err;
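
Review bot: this is the third copy of the same error_set() call and string literal (hmp_netdev_add(), net_host_device_add(), and here in qmp_netdev_add()). A single helper that performs the check and sets the error would keep the condition and the wording in one place, which matters if the message or the set of blocked backends changes.
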


I think you need to either remove "TAP" from these messages, or limit this new code to tap and bridge since those are the backends that call execve().

Also, this should be documented somewhere so that users can find out about this behavior before attempting to hotplug a network device. Perhaps this could be documented on the man page for -sandbox and notes could be added to the HMP/QMP commands.

--
Regards,
Corey Bryant



