Reintroduce QEMU_CAPS_SECCOMP_SANDBOX

Commit 766d5c1b deprecated the capability, because we were assuming
it for every QEMU binary. At the time of the introduction, there
was no way to probe for this via QMP.

However since QEMU 1.5.0 (which is the earliest version we support)
we can rely on the query-command-line-options command to detect this
feature.

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

src/qemu/qemu_capabilities.c

@@ -2496,6 +2496,7 @@ static struct virQEMUCapsCommandLineProps virQEMUCapsCommandLine[] = {
     { "machine", "loadparm", QEMU_CAPS_LOADPARM },
     { "vnc", "vnc", QEMU_CAPS_VNC_MULTI_SERVERS },
     { "chardev", "reconnect", QEMU_CAPS_CHARDEV_RECONNECT },
+    { "sandbox", "enable", QEMU_CAPS_SECCOMP_SANDBOX },
     { "sandbox", "elevateprivileges", QEMU_CAPS_SECCOMP_BLACKLIST },
 };
 

src/qemu/qemu_capabilities.h

@@ -199,7 +199,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
     QEMU_CAPS_USB_REDIR_FILTER, /* usb-redir.filter */
     QEMU_CAPS_IDE_DRIVE_WWN, /* Is ide-drive.wwn available? */
     QEMU_CAPS_SCSI_DISK_WWN, /* Is scsi-disk.wwn available? */
-    X_QEMU_CAPS_SECCOMP_SANDBOX, /* -sandbox */
+    QEMU_CAPS_SECCOMP_SANDBOX, /* -sandbox */
 
     /* 110 */
     QEMU_CAPS_REBOOT_TIMEOUT, /* -boot reboot-timeout */

tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml

@@ -35,6 +35,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml

@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml

@@ -35,6 +35,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml

@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml

@@ -44,6 +44,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.6.0.aarch64.xml

@@ -37,6 +37,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml

@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml

@@ -34,6 +34,7 @@
   <flag name='blockio'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml

@@ -20,6 +20,7 @@
   <flag name='virtio-scsi-pci'/>
   <flag name='blockio'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>

tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml

@@ -46,6 +46,7 @@
   <flag name='usb-redir.filter'/>
   <flag name='ide-drive.wwn'/>
   <flag name='scsi-disk.wwn'/>
+  <flag name='seccomp-sandbox'/>
   <flag name='reboot-timeout'/>
   <flag name='seamless-migration'/>
   <flag name='block-commit'/>