From patchwork Sun Dec 16 17:01:52 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 206729 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133]) by ozlabs.org (Postfix) with ESMTP id 14ACC2C009B for ; Mon, 17 Dec 2012 04:04:18 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 25061A0133; Sun, 16 Dec 2012 17:04:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUtdE199P0iz; Sun, 16 Dec 2012 17:04:12 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id A35D9A010B; Sun, 16 Dec 2012 17:03:14 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (whitealder.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id A9FC68F74B for ; Sun, 16 Dec 2012 17:02:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 22FFE80C10 for ; Sun, 16 Dec 2012 17:02:44 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n4qCelGxKqUc for ; Sun, 16 Dec 2012 17:02:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-we0-f171.google.com (mail-we0-f171.google.com [74.125.82.171]) by whitealder.osuosl.org (Postfix) with ESMTPS id CA4BC80C0E for ; Sun, 16 Dec 2012 17:02:42 +0000 (UTC) Received: by mail-we0-f171.google.com with SMTP id u3so2373854wey.16 for ; Sun, 16 Dec 2012 09:02:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references:in-reply-to:references; bh=qW3223xxTYFqxMxzBEUqWplAHIxSuUhG79F3KgpbgEE=; b=Ko0TZLNY13tl7F07NBBi0IzwgBCConZK7832PYJOlP0ziU7JPTgiT7e5KcgVNuYUD+ ED7rkxuUTJWdygr8WONdtbDw4QhXLFHotXJUILGHoPmiwfpEe20v7MHxLUhx0S5HwdMN iTNigBTcEcE8FHFIlmXx2BYcPGmfpkVNCopCponKkkQ9257ygAvSdHbojWjH93He0OAf EL8wMyGvSnTZlJIcG3XqQrbXOrtJBGN1qnR0CreRzdZchlnX+SQ3ZkRYyRzNO6Rs/qwa rFjwk3XRNKTlIACVfhRic1MBBAxGUtcoH/memNF8tTJ7sUUGJ21sP4cRdWfumsE8I4VE KKxw== Received: by 10.180.107.163 with SMTP id hd3mr713532wib.4.1355677361140; Sun, 16 Dec 2012 09:02:41 -0800 (PST) Received: from localhost.localdomain (ARennes-256-1-41-119.w90-32.abo.wanadoo.fr. [90.32.24.119]) by mx.google.com with ESMTPS id w5sm7363031wif.11.2012.12.16.09.02.39 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 16 Dec 2012 09:02:40 -0800 (PST) From: "Yann E. MORIN" To: buildroot@busybox.net Date: Sun, 16 Dec 2012 18:01:52 +0100 Message-Id: X-Mailer: git-send-email 1.7.2.5 In-Reply-To: References: In-Reply-To: References: Cc: "Yann E. MORIN" Subject: [Buildroot] [PATCH 23/27] package/qemu: add support for libseccomp X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net Signed-off-by: "Yann E. MORIN" --- package/qemu/Config.in | 7 +++++++ package/qemu/qemu.mk | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletions(-) diff --git a/package/qemu/Config.in b/package/qemu/Config.in index dad72a8..4aa8647 100644 --- a/package/qemu/Config.in +++ b/package/qemu/Config.in @@ -263,6 +263,13 @@ config BR2_PACKAGE_QEMU_ATTR Say 'y' here to have QEMU support attributes (attr) and eXtended attibutes (xattr). +config BR2_PACKAGE_QEMU_SECCOMP + bool "Enable seccomp filter" + select BR2_PACKAGE_LIBSECCOMP + help + Say 'y' here to have QEMU to use the Linux kernel's seccomp filter, + to more tightly confine the VMs. + config BR2_PACKAGE_QEMU_BLOBS bool "Install binary blobs" default y diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk index 7144377..6fad33c 100644 --- a/package/qemu/qemu.mk +++ b/package/qemu/qemu.mk @@ -251,6 +251,13 @@ else QEMU_OPTS += --disable-attr endif +ifeq ($(BR2_PACKAGE_QEMU_SECCOMP),y) +QEMU_OPTS += --enable-seccomp +QEMU_DEPENDENCIES += libseccomp +else +QEMU_OPTS += --disable-seccomp +endif + ifeq ($(BR2_PACKAGE_QEMU_BLOBS),) QEMU_OPTS += --disable-blobs endif @@ -338,7 +345,6 @@ define QEMU_CONFIGURE_CMDS --disable-rbd \ --disable-smartcard \ --disable-strip \ - --disable-seccomp \ --disable-sparse \ $(QEMU_OPTS) \ )