qemu: add -sandbox to command line if requested

author Ján Tomko <jtomko@redhat.com>

Mon, 17 Sep 2012 07:59:54 +0000 (09:59 +0200)

committer Daniel Veillard <veillard@redhat.com>

Tue, 18 Sep 2012 07:43:28 +0000 (15:43 +0800)
author Ján Tomko <jtomko@redhat.com>
Mon, 17 Sep 2012 07:59:54 +0000 (09:59 +0200)
committer Daniel Veillard <veillard@redhat.com>
Tue, 18 Sep 2012 07:43:28 +0000 (15:43 +0800)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c

index ec29d4e9b6d9f3485047de10a4f82d5122f707b2..cbf4aeec7a8a6bdaf5a4d4d7243ce3938dfcb33d 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6528,6 +6528,17 @@ qemuBuildCommandLine(virConnectPtr conn,
                                   ? qemucmd->env_value[i] : "");
      }
  
+    if (qemuCapsGet(caps, QEMU_CAPS_SECCOMP_SANDBOX)) {
+        if (driver->seccompSandbox == 0)
+            virCommandAddArgList(cmd, "-sandbox", "off", NULL);
+        else if (driver->seccompSandbox > 0)
+            virCommandAddArgList(cmd, "-sandbox", "on", NULL);
+    } else if (driver->seccompSandbox > 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("QEMU does not support seccomp sandboxes"));
+        goto error;
+    }
+
      return cmd;
  
   no_memory:
author	Ján Tomko <jtomko@redhat.com>
	Mon, 17 Sep 2012 07:59:54 +0000 (09:59 +0200)
committer	Daniel Veillard <veillard@redhat.com>
	Tue, 18 Sep 2012 07:43:28 +0000 (15:43 +0800)