qemu: seccomp: remove dead code

There is no QEMU we support that would need the old syntax
for -sandbox on.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fa9998a191a32f87b58ed88f60c2c85332ba49a5..48df8818a6bf515c314795b209420d33674f3e63 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -10119,7 +10119,6 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
         return 0;
     }
 
-    /* Use blacklist by default if supported */
     if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
         virCommandAddArgList(cmd, "-sandbox",
                              "on,obsolete=deny,elevateprivileges=deny,"
@@ -10128,10 +10127,6 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
         return 0;
     }
 
-    /* Seccomp whitelist is opt-in */
-    if (cfg->seccompSandbox > 0)
-        virCommandAddArgList(cmd, "-sandbox", "on", NULL);
-
     return 0;
 
 }