From patchwork Sun Dec  9 16:35:18 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yann E. MORIN" <yann.morin.1998@free.fr>
X-Patchwork-Id: 204748
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 411A42C01FA
	for <incoming@patchwork.ozlabs.org>;
	Mon, 10 Dec 2012 03:41:33 +1100 (EST)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 0F8FFA01B3;
	Sun,  9 Dec 2012 16:41:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mvV2BpUI+LAx; Sun,  9 Dec 2012 16:41:28 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 3DF1EA00F3;
	Sun,  9 Dec 2012 16:37:40 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id EDE038F74B
	for <buildroot@lists.busybox.net>;
	Sun,  9 Dec 2012 16:36:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id D6E7381B94
	for <buildroot@lists.busybox.net>;
	Sun,  9 Dec 2012 16:36:23 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wNHbAsUEnwhj for <buildroot@lists.busybox.net>;
	Sun,  9 Dec 2012 16:36:23 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wg0-f41.google.com (mail-wg0-f41.google.com
	[74.125.82.41])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 009D181BA8
	for <buildroot@busybox.net>; Sun,  9 Dec 2012 16:36:22 +0000 (UTC)
Received: by mail-wg0-f41.google.com with SMTP id ds1so464860wgb.4
	for <buildroot@busybox.net>; Sun, 09 Dec 2012 08:36:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer:in-reply-to
	:references; bh=d7b5MYr66Fz+UhZsZDJWL0+DBCBiKqyCBnWfgRJVHZI=;
	b=rgnQlSDKpj3ndykw0vWxMXBesiurvCeN+S5J35ctG3IHBRdNA4m9JQc7d1oyg4R87+
	W80CjfZzrMMFHUXGEVHUtscOtbFgMgdoomPT4RTIpCqqp6LZu9TsUNm0GmGz8x9g+LDF
	Fq+TlGjLpmOkw2oeLTlISFUs3w+usEW8ZJNyT3opJT0h3YOl1I9JWDctg2x7TCY7Ccz1
	0wH+ZhQxNClR++k8t0xh6dfy+iXWN3ijV55323nFaN0yHUjLBKFE6h/1piV0g4Y2wrNq
	gRH5T4HiROg8M/qKobJ59BeGl8MyB3dhg6sRU/tolzISHe50bz3nzyRtMVlvbHaEBfW2
	XACg==
Received: by 10.216.56.14 with SMTP id l14mr4060580wec.11.1355070982380;
	Sun, 09 Dec 2012 08:36:22 -0800 (PST)
Received: from localhost.localdomain
	(ARennes-256-1-76-30.w90-32.abo.wanadoo.fr. [90.32.155.30])
	by mx.google.com with ESMTPS id fv2sm6587947wib.4.2012.12.09.08.36.21
	(version=TLSv1/SSLv3 cipher=OTHER);
	Sun, 09 Dec 2012 08:36:21 -0800 (PST)
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Date: Sun,  9 Dec 2012 17:35:18 +0100
Message-Id: <1355070924-8009-46-git-send-email-yann.morin.1998@free.fr>
X-Mailer: git-send-email 1.7.2.5
In-Reply-To: <1355070924-8009-1-git-send-email-yann.morin.1998@free.fr>
References: <1355070924-8009-1-git-send-email-yann.morin.1998@free.fr>
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Subject: [Buildroot] [PATCH 45/51] package/qemu: add support for libseccomp
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 package/qemu/Config.in |    7 +++++++
 package/qemu/qemu.mk   |    7 ++++++-
 2 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/package/qemu/Config.in b/package/qemu/Config.in
index 20562a4..7306f43 100644
--- a/package/qemu/Config.in
+++ b/package/qemu/Config.in
@@ -266,6 +266,13 @@ config BR2_PACKAGE_QEMU_ATTR
 	  Say 'y' here to have QEMU support attributes (attr) and eXtended
 	  attibutes (xattr).
 
+config BR2_PACKAGE_QEMU_SECCOMP
+	bool "Enable seccomp filter"
+	select BR2_PACKAGE_LIBSECCOMP
+	help
+	  Say 'y' here to have QEMU to use the Linux kernel's seccomp filter,
+	  to more tightly confine the VMs.
+
 config BR2_PACKAGE_QEMU_BLOBS
 	bool "Install binary blobs"
 	default y
diff --git a/package/qemu/qemu.mk b/package/qemu/qemu.mk
index abcbae7..1fbc810 100644
--- a/package/qemu/qemu.mk
+++ b/package/qemu/qemu.mk
@@ -251,6 +251,12 @@ else
 QEMU_OPTS += --disable-attr
 endif
 
+ifeq ($(BR2_PACKAGE_QEMU_SECCOMP),y)
+QEMU_OPTS += --enable-seccomp
+else
+QEMU_OPTS += --disable-seccomp
+endif
+
 ifeq ($(BR2_PACKAGE_QEMU_BLOBS),)
 QEMU_OPTS += --disable-blobs
 endif
@@ -338,7 +344,6 @@ define QEMU_CONFIGURE_CMDS
 	        --disable-rbd                       \
 	        --disable-smartcard                 \
 	        --disable-strip                     \
-	        --disable-seccomp                   \
 	        --disable-sparse                    \
 	        $(QEMU_OPTS)                        \
 	)