From: Ján Tomko <jtomko@redhat.com>
Date: Mon, 17 Sep 2012 07:59:54 +0000 (+0200)
Subject: qemu: add -sandbox to command line if requested
X-Git-Tag: v0.10.2-rc1~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f7861ca3f0fcddbe5365009e0d5455ee8100617;p=thirdparty%2Flibvirt.git

qemu: add -sandbox to command line if requested
---

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index ec29d4e9b6..cbf4aeec7a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6528,6 +6528,17 @@ qemuBuildCommandLine(virConnectPtr conn,
                                  ? qemucmd->env_value[i] : "");
     }
 
+    if (qemuCapsGet(caps, QEMU_CAPS_SECCOMP_SANDBOX)) {
+        if (driver->seccompSandbox == 0)
+            virCommandAddArgList(cmd, "-sandbox", "off", NULL);
+        else if (driver->seccompSandbox > 0)
+            virCommandAddArgList(cmd, "-sandbox", "on", NULL);
+    } else if (driver->seccompSandbox > 0) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("QEMU does not support seccomp sandboxes"));
+        goto error;
+    }
+
     return cmd;
 
  no_memory: