qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Allow -sandbox off with --disable-seccomp

From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH] Allow -sandbox off with --disable-seccomp
Date: Wed, 27 Feb 2019 10:51:54 +0100 
Hi

On Wed, Feb 27, 2019 at 2:22 AM David Gibson
<address@hidden> wrote:
>
> At present, when seccomp support is compiled out with --disable-seccomp
> we fail with an error if the user puts -sandbox on the command line.
>
> That kind of makes sense, but it's a bit strange that we reject a request
> to disable sandboxing with "-sandbox off" saying we don't support
> sandboxing.
>
> This puts in a small sandbox to (correctly) silently ignore -sandbox off
> when we don't have sandboxing support compiled in.  This makes life easier
> for testcases, since they can safely specify "-sandbox off" without having
> to care if the qemu they're using is compiled with sandbox support or not.
>
> Signed-off-by: David Gibson <address@hidden>

Reviewed-by: Marc-André Lureau <address@hidden>

> ---
>  vl.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/vl.c b/vl.c
> index 502857a176..9d5f1b7ebb 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3857,9 +3857,11 @@ int main(int argc, char **argv, char **envp)
>                      exit(1);
>                  }
>  #else
> -                error_report("-sandbox support is not enabled "
> -                             "in this QEMU binary");
> -                exit(1);
> +                if (!g_str_equal(optarg, "off")) {
> +                    error_report("-sandbox support is not enabled "
> +                                 "in this QEMU binary");
> +                    exit(1);
> +                }
>  #endif
>                  break;
>              case QEMU_OPTION_add_fd:
> --
> 2.20.1
>
>


-- 
Marc-André Lureau
reply via email to
[Prev in Thread] Current Thread [Next in Thread]