Re: [libvirt PATCH 05/23] qemu: remove use of the term 'blacklist' in seccomp capability
On Fri, Jun 19, 2020 at 10:32:42 +0100, Daniel Berrange wrote:
The concept we're really testing for is whether QEMU supports
the seccomp syscall filter groups. We need to keep one place
using the old term to deal with upgrades from existing hosts
with running VMs.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 72874ee4fd..56ec5c0352 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3851,9 +3851,13 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
if (str) {
int flag = virQEMUCapsTypeFromString(str);
if (flag < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Unknown qemu capabilities flag %s"),
str);
- goto error;
+ if (g_str_equal(str, "seccomp-blacklist")) {
+ flag = QEMU_CAPS_SECCOMP_FILTER_GROUPS;
+ } else {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown qemu capabilities flag %s"),
str);
I think this should become an array so that we can extend it arbitrarily
later. This concept may come in useful.
Additionally making it with a proper explanation will prevent us from
having a magic constant in a random place in the code without proper
explanation.