From patchwork Sun Feb 3 14:07:01 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yann E. MORIN" X-Patchwork-Id: 217787 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from fraxinus.osuosl.org (fraxinus.osuosl.org [140.211.166.137]) by ozlabs.org (Postfix) with ESMTP id 5D74F2C0082 for ; Mon, 4 Feb 2013 01:13:34 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 29B7B101FA7; Sun, 3 Feb 2013 14:13:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A+i2TrCO2HUR; Sun, 3 Feb 2013 14:13:08 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 710D2103B82; Sun, 3 Feb 2013 14:08:19 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (whitealder.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 83F758F753 for ; Sun, 3 Feb 2013 14:08:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 38E788AB5A for ; Sun, 3 Feb 2013 14:08:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPKLJwgjvIrK for ; Sun, 3 Feb 2013 14:07:52 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-we0-f173.google.com (mail-we0-f173.google.com [74.125.82.173]) by whitealder.osuosl.org (Postfix) with ESMTPS id 1B1B18B2F5 for ; Sun, 3 Feb 2013 14:07:50 +0000 (UTC) Received: by mail-we0-f173.google.com with SMTP id r5so4103640wey.18 for ; Sun, 03 Feb 2013 06:07:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:from:to:cc:subject:date:message-id:x-mailer :in-reply-to:references:in-reply-to:references; bh=gPfpp15FZaxdoA2E2R1uenGnmQ3xWt/PPyWMwBkeySo=; b=QEuO4/VQuEIPjr5wGILGeM446v9vZ031BaJFzaeTad85QxdB6KYgXvqcCUwj7iUa4j f5+h+j3DJw1J3WN+w/reXUhFpOAw+K+PrzbsPswQv9gQ95D8Zaz27Yi+Nhk1JpoDp6wj TgR0pwKxqZuW1Rav4lWU738+xU/cl2LEGAYi8zqYo0jIzcD6h3nSxL9rZYBF3ZUiGLjv xshl+sGH0pnJzm5E06fOHt8iJD8Ye3Q4uChth50JgXH0WlXRAIJCOJkODaLq0eScaX4c oHYbuxshXyPeNNM6ZsiCPdzwBPXvNsy5TO152rcJFZgmoREot9bU49cXxoaZrnMK01OC Wdcw== X-Received: by 10.180.97.68 with SMTP id dy4mr5890169wib.7.1359900469298; Sun, 03 Feb 2013 06:07:49 -0800 (PST) Received: from localhost.localdomain (ARennes-256-1-39-23.w90-32.abo.wanadoo.fr. [90.32.22.23]) by mx.google.com with ESMTPS id gy2sm2970685wib.3.2013.02.03.06.07.47 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 03 Feb 2013 06:07:48 -0800 (PST) From: "Yann E. MORIN" To: buildroot@busybox.net Date: Sun, 3 Feb 2013 15:07:01 +0100 Message-Id: <3cb8961da3ec1d2742ffbf6c2354ca28079085c2.1359899108.git.yann.morin.1998@free.fr> X-Mailer: git-send-email 1.7.2.5 In-Reply-To: References: In-Reply-To: References: Cc: "Yann E. MORIN" Subject: [Buildroot] [PATCH 24/29] package/qemu: add support for libseccomp X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net Signed-off-by: "Yann E. MORIN" --- package/qemu/Config.in | 7 +++++++ package/qemu/qemu.mk | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletions(-) diff --git a/package/qemu/Config.in b/package/qemu/Config.in index 1e4d3cc..5f4bee3 100644 --- a/package/qemu/Config.in +++ b/package/qemu/Config.in @@ -250,6 +250,13 @@ config BR2_PACKAGE_QEMU_ATTR Say 'y' here to have QEMU support attributes (attr) and eXtended attibutes (xattr). +config BR2_PACKAGE_QEMU_SECCOMP + bool "Enable seccomp filter" + select BR2_PACKAGE_LIBSECCOMP + help + Say 'y' here to have QEMU to use the Linux kernel's seccomp filter, + to more tightly confine the VMs. + config BR2_PACKAGE_QEMU_BLOBS bool "Install binary blobs" default y diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk index dfa9e84..d18b3ec 100644 --- a/package/qemu/qemu.mk +++ b/package/qemu/qemu.mk @@ -251,6 +251,13 @@ else QEMU_OPTS += --disable-attr endif +ifeq ($(BR2_PACKAGE_QEMU_SECCOMP),y) +QEMU_OPTS += --enable-seccomp +QEMU_DEPENDENCIES += libseccomp +else +QEMU_OPTS += --disable-seccomp +endif + ifeq ($(BR2_PACKAGE_QEMU_BLOBS),) QEMU_OPTS += --disable-blobs endif @@ -334,7 +341,6 @@ define QEMU_CONFIGURE_CMDS --disable-rbd \ --disable-smartcard \ --disable-strip \ - --disable-seccomp \ --disable-sparse \ --disable-tools \ $(QEMU_OPTS) \