On Thu, Dec 17, 2020 at 1:41 PM Paolo Bonzini wrote: > Signed-off-by: Paolo Bonzini > --- > and improve CONFIG_SECCOMP usage. Reviewed-by: Marc-André Lureau configure | 32 ++++---------------------------- > meson.build | 10 ++++++---- > meson_options.txt | 2 ++ > softmmu/meson.build | 2 +- > softmmu/qemu-seccomp.c | 2 -- > tools/meson.build | 4 ++-- > 6 files changed, 15 insertions(+), 37 deletions(-) > > diff --git a/configure b/configure > index 649da881a2..00c2d61a96 100755 > --- a/configure > +++ b/configure > @@ -414,7 +414,7 @@ debug_stack_usage="no" > crypto_afalg="no" > cfi="false" > cfi_debug="false" > -seccomp="$default_feature" > +seccomp="auto" > glusterfs="auto" > gtk="$default_feature" > gtk_gl="no" > @@ -1356,9 +1356,9 @@ for opt do > ;; > --disable-tools) want_tools="no" > ;; > - --enable-seccomp) seccomp="yes" > + --enable-seccomp) seccomp="enabled" > ;; > - --disable-seccomp) seccomp="no" > + --disable-seccomp) seccomp="disabled" > ;; > --disable-glusterfs) glusterfs="disabled" > ;; > @@ -2458,24 +2458,6 @@ EOF > fi > fi > > -########################################## > -# libseccomp check > - > -if test "$seccomp" != "no" ; then > - libseccomp_minver="2.3.0" > - if $pkg_config --atleast-version=$libseccomp_minver libseccomp ; then > - seccomp_cflags="$($pkg_config --cflags libseccomp)" > - seccomp_libs="$($pkg_config --libs libseccomp)" > - seccomp="yes" > - else > - if test "$seccomp" = "yes" ; then > - feature_not_found "libseccomp" \ > - "Install libseccomp devel >= $libseccomp_minver" > - fi > - seccomp="no" > - fi > -fi > - > ########################################## > # xen probe > > @@ -6053,12 +6035,6 @@ if test "$avx512f_opt" = "yes" ; then > echo "CONFIG_AVX512F_OPT=y" >> $config_host_mak > fi > > -if test "$seccomp" = "yes"; then > - echo "CONFIG_SECCOMP=y" >> $config_host_mak > - echo "SECCOMP_CFLAGS=$seccomp_cflags" >> $config_host_mak > - echo "SECCOMP_LIBS=$seccomp_libs" >> $config_host_mak > -fi > - > # XXX: suppress that > if [ "$bsd" = "yes" ] ; then > echo "CONFIG_BSD=y" >> $config_host_mak > @@ -6606,7 +6582,7 @@ NINJA=$ninja $meson setup \ > -Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 > -Dlibiscsi=$libiscsi \ > -Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses > -Dlibudev=$libudev\ > -Dlibssh=$libssh -Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy > -Dlzfse=$lzfse \ > - -Dzstd=$zstd \ > + -Dzstd=$zstd -Dseccomp=$seccomp \ > -Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \ > -Dvhost_user_blk_server=$vhost_user_blk_server \ > -Dfuse=$fuse -Dfuse_lseek=$fuse_lseek \ > diff --git a/meson.build b/meson.build > index 93a95d7a7f..a0132730d7 100644 > --- a/meson.build > +++ b/meson.build > @@ -329,9 +329,10 @@ if 'CONFIG_ATTR' in config_host > libattr = declare_dependency(link_args: > config_host['LIBATTR_LIBS'].split()) > endif > seccomp = not_found > -if 'CONFIG_SECCOMP' in config_host > - seccomp = declare_dependency(compile_args: > config_host['SECCOMP_CFLAGS'].split(), > - link_args: > config_host['SECCOMP_LIBS'].split()) > +if not get_option('libiscsi').auto() or have_system or have_tools > + seccomp = dependency('libseccomp', version: '>=2.3.0', > + required: get_option('seccomp'), > + method: 'pkg-config', static: enable_static) > endif > libcap_ng = not_found > if 'CONFIG_LIBCAP_NG' in config_host > @@ -993,6 +994,7 @@ config_host_data.set('HAVE_LIBSSH_0_8', > have_libssh_0_8) > config_host_data.set('CONFIG_RBD', rbd.found()) > config_host_data.set('CONFIG_SDL', sdl.found()) > config_host_data.set('CONFIG_SDL_IMAGE', sdl_image.found()) > +config_host_data.set('CONFIG_SECCOMP', seccomp.found()) > config_host_data.set('CONFIG_SNAPPY', snappy.found()) > config_host_data.set('CONFIG_VHOST_USER_BLK_SERVER', > have_vhost_user_blk_server) > config_host_data.set('CONFIG_VNC', vnc.found()) > @@ -2361,7 +2363,7 @@ if targetos == 'windows' > summary_info += {'QGA w32 disk info': > config_host.has_key('CONFIG_QGA_NTDDSCSI')} > summary_info += {'QGA MSI support': > config_host.has_key('CONFIG_QGA_MSI')} > endif > -summary_info += {'seccomp support': > config_host.has_key('CONFIG_SECCOMP')} > +summary_info += {'seccomp support': seccomp.found()} > summary_info += {'CFI support': get_option('cfi')} > summary_info += {'CFI debug support': get_option('cfi_debug')} > summary_info += {'coroutine backend': > config_host['CONFIG_COROUTINE_BACKEND']} > diff --git a/meson_options.txt b/meson_options.txt > index 5a1de9b1fe..1854a9639f 100644 > --- a/meson_options.txt > +++ b/meson_options.txt > @@ -74,6 +74,8 @@ option('sdl', type : 'feature', value : 'auto', > description: 'SDL user interface') > option('sdl_image', type : 'feature', value : 'auto', > description: 'SDL Image support for icons') > +option('seccomp', type : 'feature', value : 'auto', > + description: 'seccomp support') > option('snappy', type : 'feature', value : 'auto', > description: 'snappy compression support') > option('u2f', type : 'feature', value : 'auto', > diff --git a/softmmu/meson.build b/softmmu/meson.build > index 2dab6c7eb6..d8e03018ab 100644 > --- a/softmmu/meson.build > +++ b/softmmu/meson.build > @@ -28,5 +28,5 @@ softmmu_ss.add(files( > ), sdl, libpmem, libdaxctl) > > softmmu_ss.add(when: 'CONFIG_TPM', if_true: files('tpm.c')) > -softmmu_ss.add(when: 'CONFIG_SECCOMP', if_true: [files('qemu-seccomp.c'), > seccomp]) > +softmmu_ss.add(when: seccomp, if_true: files('qemu-seccomp.c')) > softmmu_ss.add(when: fdt, if_true: files('device_tree.c')) > diff --git a/softmmu/qemu-seccomp.c b/softmmu/qemu-seccomp.c > index 8325ecb766..377ef6937c 100644 > --- a/softmmu/qemu-seccomp.c > +++ b/softmmu/qemu-seccomp.c > @@ -202,7 +202,6 @@ static int seccomp_start(uint32_t seccomp_opts, Error > **errp) > return rc < 0 ? -1 : 0; > } > > -#ifdef CONFIG_SECCOMP > int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp) > { > if (qemu_opt_get_bool(opts, "enable", false)) { > @@ -328,4 +327,3 @@ static void seccomp_register(void) > } > } > opts_init(seccomp_register); > -#endif > diff --git a/tools/meson.build b/tools/meson.build > index 76bf84df52..5c52d79fe4 100644 > --- a/tools/meson.build > +++ b/tools/meson.build > @@ -1,6 +1,6 @@ > have_virtiofsd = (targetos == 'linux' and > have_tools and > - 'CONFIG_SECCOMP' in config_host and > + seccomp.found() and > 'CONFIG_LIBCAP_NG' in config_host and > 'CONFIG_VHOST_USER' in config_host) > > @@ -8,7 +8,7 @@ if get_option('virtiofsd').enabled() > if not have_virtiofsd > if targetos != 'linux' > error('virtiofsd requires Linux') > - elif 'CONFIG_SECCOMP' not in config_host or 'CONFIG_LIBCAP_NG' not in > config_host > + elif not seccomp.found() or 'CONFIG_LIBCAP_NG' not in config_host > error('virtiofsd requires libcap-ng-devel and seccomp-devel') > elif not have_tools or 'CONFIG_VHOST_USER' not in config_host > error('virtiofsd needs tools and vhost-user support') > -- > 2.29.2 > > >