From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 22 Aug 2023 07:45:47 +0000 (+0200)
Subject: src: Detect close_range syscall during virGlobalInit()
X-Git-Tag: v9.7.0-rc1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15ce9e888bebe1465bcd376d97274939cbae4942;p=thirdparty%2Flibvirt.git

src: Detect close_range syscall during virGlobalInit()

The whole purpose of virCloseRangeInit() is to be called
somewhere during initialization (ideally before first virExec()
or virCommandRun()), so that the rest of the code already knows
kernel capabilities. While I can put the call somewhere into
remote_daemon.c (when a daemon initializes), we might call
virCommand*() even from client library (i.e. no daemon).

Therefore, put it into virGlobalInit() with the rest of
initialization code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
---

diff --git a/src/libvirt.c b/src/libvirt.c
index 69d5b13bff..26c3fe454f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -231,6 +231,10 @@ virGlobalInit(void)
         goto error;
     }
 
+    /* Do this upfront rather than every time a child is spawned. */
+    if (virCloseRangeInit() < 0)
+        goto error;
+
     if (virLogSetFromEnv() < 0)
         goto error;