qemu: always assume QEMU_CAPS_SECCOMP_BLACKLIST

elevateprivileges was introduced by QEMU commit: 73a1e64725 "seccomp: add elevateprivileges argument to command line" released in 2.11.0 and later made conditional on SECCOMP support by: 9d0fdecbad sandbox: disable -sandbox if CONFIG_SECCOMP undefined Use the existence of the sandbox option as a witness for its support. Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2025-01-22 12:35:17 +00:00 · 2021-09-24 16:04:30 +02:00 · 2021-09-24 16:04:30 +02:00 · 142938f5c2
commit 142938f5c2
parent 88a3977922
1 changed files with 1 additions and 1 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -10120,7 +10120,7 @@ qemuBuildSeccompSandboxCommandLine(virCommand *cmd,
    }

    /* Use blacklist by default if supported */
-    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_SANDBOX)) {
        virCommandAddArgList(cmd, "-sandbox",
                             "on,obsolete=deny,elevateprivileges=deny,"
                             "spawn=deny,resourcecontrol=deny",