#ifdef CONFIG_SECCOMP
#include "sysemu/seccomp.h"
-#endif
-
-#if defined(CONFIG_VDE)
-#include <libvdeplug.h>
+#include "sys/prctl.h"
#endif
#ifdef CONFIG_SDL
int win2k_install_hack = 0;
int singlestep = 0;
int smp_cpus = 1;
-int max_cpus = 1;
+unsigned int max_cpus = 1;
int smp_cores = 1;
int smp_threads = 1;
int acpi_enabled = 1;
.name = "enable",
.type = QEMU_OPT_BOOL,
},
+ {
+ .name = "obsolete",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "elevateprivileges",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "spawn",
+ .type = QEMU_OPT_STRING,
+ },
+ {
+ .name = "resourcecontrol",
+ .type = QEMU_OPT_STRING,
+ },
{ /* end of list */ }
},
};
{ RUN_STATE_PAUSED, RUN_STATE_RUNNING },
{ RUN_STATE_PAUSED, RUN_STATE_FINISH_MIGRATE },
+ { RUN_STATE_PAUSED, RUN_STATE_POSTMIGRATE },
{ RUN_STATE_PAUSED, RUN_STATE_PRELAUNCH },
{ RUN_STATE_PAUSED, RUN_STATE_COLO},
{ RUN_STATE_PRELAUNCH, RUN_STATE_INMIGRATE },
{ RUN_STATE_FINISH_MIGRATE, RUN_STATE_RUNNING },
+ { RUN_STATE_FINISH_MIGRATE, RUN_STATE_PAUSED },
{ RUN_STATE_FINISH_MIGRATE, RUN_STATE_POSTMIGRATE },
{ RUN_STATE_FINISH_MIGRATE, RUN_STATE_PRELAUNCH },
{ RUN_STATE_FINISH_MIGRATE, RUN_STATE_COLO},
static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)
{
- /* FIXME: change this to true for 1.3 */
if (qemu_opt_get_bool(opts, "enable", false)) {
#ifdef CONFIG_SECCOMP
- if (seccomp_start() < 0) {
+ uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT
+ | QEMU_SECCOMP_SET_OBSOLETE;
+ const char *value = NULL;
+
+ value = qemu_opt_get(opts, "obsolete");
+ if (value) {
+ if (g_str_equal(value, "allow")) {
+ seccomp_opts &= ~QEMU_SECCOMP_SET_OBSOLETE;
+ } else if (g_str_equal(value, "deny")) {
+ /* this is the default option, this if is here
+ * to provide a little bit of consistency for
+ * the command line */
+ } else {
+ error_report("invalid argument for obsolete");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "elevateprivileges");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
+ } else if (g_str_equal(value, "children")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_PRIVILEGED;
+
+ /* calling prctl directly because we're
+ * not sure if host has CAP_SYS_ADMIN set*/
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1)) {
+ error_report("failed to set no_new_privs "
+ "aborting");
+ return -1;
+ }
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_report("invalid argument for elevateprivileges");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "spawn");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_SPAWN;
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_report("invalid argument for spawn");
+ return -1;
+ }
+ }
+
+ value = qemu_opt_get(opts, "resourcecontrol");
+ if (value) {
+ if (g_str_equal(value, "deny")) {
+ seccomp_opts |= QEMU_SECCOMP_SET_RESOURCECTL;
+ } else if (g_str_equal(value, "allow")) {
+ /* default value */
+ } else {
+ error_report("invalid argument for resourcecontrol");
+ return -1;
+ }
+ }
+
+ if (seccomp_start(seccomp_opts) < 0) {
error_report("failed to install seccomp syscall filter "
"in the kernel");
return -1;
return NULL;
}
+static void qemu_add_data_dir(const char *path)
+{
+ int i;
+
+ if (path == NULL) {
+ return;
+ }
+ if (data_dir_idx == ARRAY_SIZE(data_dir)) {
+ return;
+ }
+ for (i = 0; i < data_dir_idx; i++) {
+ if (strcmp(data_dir[i], path) == 0) {
+ return; /* duplicate */
+ }
+ }
+ data_dir[data_dir_idx++] = path;
+}
+
static inline bool nonempty_str(const char *str)
{
return str && *str;
*/
static bool object_create_initial(const char *type)
{
- if (g_str_equal(type, "rng-egd")) {
+ if (g_str_equal(type, "rng-egd") ||
+ g_str_has_prefix(type, "pr-manager-")) {
return false;
}
const char *qtest_log = NULL;
const char *pid_file = NULL;
const char *incoming = NULL;
- bool defconfig = true;
bool userconfig = true;
bool nographic = false;
DisplayType display_type = DT_DEFAULT;
Error *main_loop_err = NULL;
Error *err = NULL;
bool list_data_dirs = false;
+ char **dirs;
typedef struct BlockdevOptions_queue {
BlockdevOptions *bdo;
Location loc;
popt = lookup_opt(argc, argv, &optarg, &optind);
switch (popt->index) {
case QEMU_OPTION_nodefconfig:
- defconfig = false;
- break;
case QEMU_OPTION_nouserconfig:
userconfig = false;
break;
}
}
- if (defconfig && userconfig) {
+ if (userconfig) {
if (qemu_read_default_config_file() < 0) {
exit(1);
}
case QEMU_OPTION_L:
if (is_help_option(optarg)) {
list_data_dirs = true;
- } else if (data_dir_idx < ARRAY_SIZE(data_dir)) {
- data_dir[data_dir_idx++] = optarg;
+ } else {
+ qemu_add_data_dir(optarg);
}
break;
case QEMU_OPTION_bios:
qemu_set_log(0);
}
- /* If no data_dir is specified then try to find it relative to the
- executable path. */
- if (data_dir_idx < ARRAY_SIZE(data_dir)) {
- data_dir[data_dir_idx] = os_find_datadir();
- if (data_dir[data_dir_idx] != NULL) {
- data_dir_idx++;
- }
- }
- /* If all else fails use the install path specified when building. */
- if (data_dir_idx < ARRAY_SIZE(data_dir)) {
- data_dir[data_dir_idx++] = CONFIG_QEMU_DATADIR;
+ /* add configured firmware directories */
+ dirs = g_strsplit(CONFIG_QEMU_FIRMWAREPATH, G_SEARCHPATH_SEPARATOR_S, 0);
+ for (i = 0; dirs[i] != NULL; i++) {
+ qemu_add_data_dir(dirs[i]);
}
+ /* try to find datadir relative to the executable path */
+ qemu_add_data_dir(os_find_datadir());
+
+ /* add the datadir specified when building */
+ qemu_add_data_dir(CONFIG_QEMU_DATADIR);
+
/* -L help lists the data directories and exits. */
if (list_data_dirs) {
for (i = 0; i < data_dir_idx; i++) {
machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */
if (max_cpus > machine_class->max_cpus) {
- error_report("Number of SMP CPUs requested (%d) exceeds max CPUs "
- "supported by machine '%s' (%d)", max_cpus,
+ error_report("Invalid SMP CPUs %d. The max CPUs "
+ "supported by machine '%s' is %d", max_cpus,
machine_class->name, machine_class->max_cpus);
exit(1);
}
exit(1);
}
-#ifdef CONFIG_TPM
if (tpm_init() < 0) {
exit(1);
}
-#endif
/* init the bluetooth world */
if (foreach_device_config(DEV_BT, bt_parse))
current_machine->boot_order = boot_order;
current_machine->cpu_model = cpu_model;
+
+ /* parse features once if machine provides default cpu_type */
+ if (machine_class->default_cpu_type) {
+ current_machine->cpu_type = machine_class->default_cpu_type;
+ if (cpu_model) {
+ current_machine->cpu_type =
+ cpu_parse_cpu_model(machine_class->default_cpu_type, cpu_model);
+ }
+ }
+
machine_run_board_init(current_machine);
realtime_init();
res_free();
/* vhost-user must be cleaned up before chardevs. */
+ tpm_cleanup();
net_cleanup();
audio_cleanup();
monitor_cleanup();
qemu_chr_cleanup();
+ user_creatable_cleanup();
/* TODO: unref root container, check all devices are ok */
return 0;