qemu: always assume QEMU_CAPS_SECCOMP_BLACKLIST
authorJán Tomko <jtomko@redhat.com>
Fri, 24 Sep 2021 14:04:30 +0000 (16:04 +0200)
committerJán Tomko <jtomko@redhat.com>
Mon, 27 Sep 2021 08:11:21 +0000 (10:11 +0200)
elevateprivileges was introduced by QEMU commit:
73a1e64725 "seccomp: add elevateprivileges argument to command line"
released in 2.11.0
and later made conditional on SECCOMP support by:
9d0fdecbad sandbox: disable -sandbox if CONFIG_SECCOMP undefined

Use the existence of the sandbox option as a witness for its support.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/qemu/qemu_command.c

index b60ee1192b19ca039ca416ffd5fae017eed42a6a..fa9998a191a32f87b58ed88f60c2c85332ba49a5 100644 (file)
@@ -10120,7 +10120,7 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
     }
 
     /* Use blacklist by default if supported */
-    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
         virCommandAddArgList(cmd, "-sandbox",
                              "on,obsolete=deny,elevateprivileges=deny,"
                              "spawn=deny,resourcecontrol=deny",
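Review bot: The comment above the changed condition, `/* Use blacklist by default if supported */`, no longer matches what is tested, because the new check is `QEMU_CAPS_SECCOMP_SANDBOX` (the presence of `-sandbox`), not support for the deny sub-options that are then passed unconditionally. That is sound only while every supported QEMU that has `-sandbox` also accepts `elevateprivileges=`, `spawn=` and `resourcecontrol=` (2.11.0 per the commit message). An older binary would presumably reject the argument at startup rather than run unfiltered, but the assumption should be written down, e.g. `/* -sandbox implies the deny-list sub-options (QEMU >= 2.11.0); enable them whenever it exists */`. The branch taken when the capability is absent lies outside the hunk, so it is worth confirming whether a guest can then start with no seccomp filter at all. `qemuBuildSeccompSandboxCommandLine` starts before and continues past the hunk.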