From 15ce9e888bebe1465bcd376d97274939cbae4942 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 22 Aug 2023 09:45:47 +0200
Subject: [PATCH] src: Detect close_range syscall during virGlobalInit()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The whole purpose of virCloseRangeInit() is to be called
somewhere during initialization (ideally before first virExec()
or virCommandRun()), so that the rest of the code already knows
kernel capabilities. While I can put the call somewhere into
remote_daemon.c (when a daemon initializes), we might call
virCommand*() even from client library (i.e. no daemon).

Therefore, put it into virGlobalInit() with the rest of
initialization code.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
---
 src/libvirt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libvirt.c b/src/libvirt.c
index 69d5b13bff..26c3fe454f 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -231,6 +231,10 @@ virGlobalInit(void)
         goto error;
     }
 
+    /* Do this upfront rather than every time a child is spawned. */
+    if (virCloseRangeInit() < 0)
+        goto error;
+
     if (virLogSetFromEnv() < 0)
         goto error;