[libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability

Friday, 19 June 2020

The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.

Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt;
---
 src/qemu/qemu.conf                                   |  2 +-
 src/qemu/qemu_capabilities.c                         |  4 ++--
 src/qemu/qemu_capabilities.h                         |  2 +-
 src/qemu/qemu_command.c                              |  4 ++--
 src/qemu/qemu_domain.c                               | 10 +++++++---
 tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml   |  2 +-
 tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml      |  2 +-
 tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml    |  2 +-
 tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml     |  2 +-
 tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml     |  2 +-
 tests/qemustatusxml2xmldata/backup-pull-in.xml       |  2 +-
 tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml |  2 +-
 tests/qemuxml2argvtest.c                             |  2 +-
 37 files changed, 45 insertions(+), 41 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index f89dbd2c3a..99b9ce53e5 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -704,7 +704,7 @@
 # If it is unset (or -1), then seccomp will be enabled
 # only if QEMU >= 2.11.0 is detected, otherwise it is
 # left disabled. This ensures the default config gets
-# protection for new QEMU using the blacklist approach.
+# protection for new QEMU with filter groups.
 #
 #seccomp_sandbox = 1
 
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 68fcbd3c4f..310be800e2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -468,7 +468,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               /* 285 */
               "qcow2-luks",
               "pcie-pci-bridge",
-              "seccomp-blacklist",
+              "seccomp-filter-groups",
               "query-cpus-fast",
               "disk-write-cache",
 
@@ -3292,7 +3292,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] =
{
     { "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
     { "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
     { "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
-    { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
+    { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_FILTER_GROUPS
},
     { "chardev", "fd", QEMU_CAPS_CHARDEV_FD_PASS },
     { "overcommit", NULL, QEMU_CAPS_OVERCOMMIT },
     { "smp-opts", "dies", QEMU_CAPS_SMP_DIES },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index ad93816d41..0ee3e357cb 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -448,7 +448,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check
*/
     /* 285 */
     QEMU_CAPS_QCOW2_LUKS, /* qcow2 format support LUKS encryption */
     QEMU_CAPS_DEVICE_PCIE_PCI_BRIDGE, /* -device pcie-pci-bridge */
-    QEMU_CAPS_SECCOMP_BLACKLIST, /* -sandbox.elevateprivileges */
+    QEMU_CAPS_SECCOMP_FILTER_GROUPS, /* -sandbox.elevateprivileges */
     QEMU_CAPS_QUERY_CPUS_FAST, /* query-cpus-fast command */
     QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cache param */
 
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index f27246b4c6..37113a433a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9517,8 +9517,8 @@ qemuBuildSeccompSandboxCommandLine(virCommandPtr cmd,
         return 0;
     }
 
-    /* Use blacklist by default if supported */
-    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_BLACKLIST)) {
+    /* Block undesirable syscall groups by default if supported */
+    if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SECCOMP_FILTER_GROUPS)) {
         virCommandAddArgList(cmd, "-sandbox",
                              "on,obsolete=deny,elevateprivileges=deny,"
                              "spawn=deny,resourcecontrol=deny",
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
             if (str) {
                 int flag = virQEMUCapsTypeFromString(str);
                 if (flag < 0) {
-                    virReportError(VIR_ERR_INTERNAL_ERROR,
-                                   _("Unknown qemu capabilities flag %s"),
str);
-                    goto error;
+                    if (g_str_equal(str, "seccomp-blacklist")) {
+                        flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
+                    } else {
+                        virReportError(VIR_ERR_INTERNAL_ERROR,
+                                       _("Unknown qemu capabilities flag %s"),
str);
+                        goto error;
+                    }
                 }
                 virQEMUCapsSet(qemuCaps, flag);
             }
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
index 0391f4b81e..9822f50827 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -99,7 +99,7 @@
   <flag name='virtio-mouse-ccw'/>
   <flag name='virtio-tablet-ccw'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
   <flag name='pr-manager-helper'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
index 9eaafb4ba6..3e5e3b4ad3 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml
@@ -173,7 +173,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
   <flag name='pr-manager-helper'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
index a5d6dc3bef..3c5f8235fe 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -134,7 +134,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
index d1ed9f6e28..e5a02c382e 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -131,7 +131,7 @@
   <flag name='machine.pseries.max-cpu-compat'/>
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
index cef6ebb9ad..238b05240c 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -99,7 +99,7 @@
   <flag name='virtio-mouse-ccw'/>
   <flag name='virtio-tablet-ccw'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
index 6d48699e3e..6011f2f4a2 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -170,7 +170,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
index e4a560bac5..a1643260ab 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml
@@ -130,7 +130,7 @@
   <flag name='machine.pseries.max-cpu-compat'/>
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
index 71f9b0c37f..6d1e3d8cd5 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv32.xml
@@ -75,7 +75,7 @@
   <flag name='iscsi.password-secret'/>
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
index 279078d541..a6994acac3 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.riscv64.xml
@@ -75,7 +75,7 @@
   <flag name='iscsi.password-secret'/>
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
index f1ed34c612..4d80f9c6ba 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.s390x.xml
@@ -101,7 +101,7 @@
   <flag name='virtio-mouse-ccw'/>
   <flag name='virtio-tablet-ccw'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
index ae1836b28f..e31cb7c345 100644
--- a/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml
@@ -172,7 +172,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
index 0dc0393c22..d01de900c9 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.ppc64.xml
@@ -131,7 +131,7 @@
   <flag name='machine.pseries.max-cpu-compat'/>
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
index d4ff21fdac..177dedbfb5 100644
--- a/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_3.1.0.x86_64.xml
@@ -172,7 +172,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
index 404a39af03..7afec03c2f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.aarch64.xml
@@ -135,7 +135,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
index cb0232173c..81ed3b58de 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.ppc64.xml
@@ -138,7 +138,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
index 11475306f9..bfb38b6eae 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv32.xml
@@ -139,7 +139,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
index 608590a35b..801a7c368e 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.riscv64.xml
@@ -139,7 +139,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
index f4d20169e0..0be526ce7f 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.s390x.xml
@@ -101,7 +101,7 @@
   <flag name='virtio-mouse-ccw'/>
   <flag name='virtio-tablet-ccw'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
index 0e66a4c847..930f508048 100644
--- a/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.0.0.x86_64.xml
@@ -171,7 +171,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
index f2d3902e6c..e1481979e8 100644
--- a/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.1.0.x86_64.xml
@@ -171,7 +171,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
index 98cee36669..bc643545ac 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml
@@ -137,7 +137,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
index 70c826e0cf..ed3c865747 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml
@@ -138,7 +138,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
index 0b174ffeec..335a06d897 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml
@@ -101,7 +101,7 @@
   <flag name='virtio-mouse-ccw'/>
   <flag name='virtio-tablet-ccw'/>
   <flag name='qcow2-luks'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
index eaf71eb469..009536f0b4 100644
--- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml
@@ -172,7 +172,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
index f2d691734f..b2f6e0ed30 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml
@@ -139,7 +139,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
index b3f673b0f6..c9cb2c0639 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml
@@ -140,7 +140,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
index 3119f6deb7..75c2fbfd54 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml
@@ -139,7 +139,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
index 6d1c779272..a01395cf53 100644
--- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml
@@ -172,7 +172,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
index 26a7985add..7c36716d88 100644
--- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml
@@ -172,7 +172,7 @@
   <flag name='dump-completed'/>
   <flag name='qcow2-luks'/>
   <flag name='pcie-pci-bridge'/>
-  <flag name='seccomp-blacklist'/>
+  <flag name='seccomp-filter-groups'/>
   <flag name='query-cpus-fast'/>
   <flag name='disk-write-cache'/>
   <flag name='nbd-tls'/>
diff --git a/tests/qemustatusxml2xmldata/backup-pull-in.xml
b/tests/qemustatusxml2xmldata/backup-pull-in.xml
index 1db978a3ac..76d723cf76 100644
--- a/tests/qemustatusxml2xmldata/backup-pull-in.xml
+++ b/tests/qemustatusxml2xmldata/backup-pull-in.xml
@@ -189,7 +189,7 @@
     <flag name='dump-completed'/>
     <flag name='qcow2-luks'/>
     <flag name='pcie-pci-bridge'/>
-    <flag name='seccomp-blacklist'/>
+    <flag name='seccomp-filter-groups'/>
     <flag name='query-cpus-fast'/>
     <flag name='disk-write-cache'/>
     <flag name='nbd-tls'/>
diff --git a/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
b/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
index cc17a17ff4..a4d9d57666 100644
--- a/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
+++ b/tests/qemustatusxml2xmldata/blockjob-blockdev-in.xml
@@ -189,7 +189,7 @@
     <flag name='dump-completed'/>
     <flag name='qcow2-luks'/>
     <flag name='pcie-pci-bridge'/>
-    <flag name='seccomp-blacklist'/>
+    <flag name='seccomp-filter-groups'/>
     <flag name='query-cpus-fast'/>
     <flag name='disk-write-cache'/>
     <flag name='nbd-tls'/>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d5b2a21b5a..0989abd042 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -921,7 +921,7 @@ mymain(void)
 
     DO_TEST("minimal", NONE);
     DO_TEST("minimal-sandbox",
-            QEMU_CAPS_SECCOMP_BLACKLIST);
+            QEMU_CAPS_SECCOMP_FILTER_GROUPS);
     DO_TEST_PARSE_ERROR("minimal-no-memory", NONE);
     DO_TEST("minimal-msg-timestamp", QEMU_CAPS_MSG_TIMESTAMP);
 
-- 
2.24.1


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability