run: Setting --qemu_sandbox=on by default

This commit sets the Qemu sandboxing to 'on' by default. It allows the user to run all tests using this feature to catch missing system calls and providing more feedback to the general security of Qemu. Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
autotest · Oct 22, 2013 · 50e1f7d · 50e1f7d
1 parent 357a8f6
commit 50e1f7d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/run b/run
@@ -304,7 +304,7 @@ class VirtTestRunParser(optparse.OptionParser):
                               ". If -c is provided, this will be ignored. "
                               "Default: %default"))
         qemu.add_option("--qemu_sandbox", action="store", dest="qemu_sandbox",
-                        default="off",
+                        default="on",
                         help=("Enable qemu sandboxing "
                               "(on/off). Default: %default"))
         self.add_option_group(qemu)
@@ -504,10 +504,10 @@ class VirtTestApp(object):
 
     def _process_qemu_sandbox(self):
         if not self.options.config:
-            if self.options.qemu_sandbox == "on":
-                self.cartesian_parser.assign("qemu_sandbox","on")
+            if self.options.qemu_sandbox == "off":
+                self.cartesian_parser.assign("qemu_sandbox","off")
         else:
-            logging.info("Config provided, ignoring \"--sandbox on\" option")
+            logging.info("Config provided, ignoring \"--sandbox <on|off>\" option")
 
     def _process_malloc_perturb(self):
         self.cartesian_parser.assign("malloc_perturb",

diff --git a/virttest/qemu_vm.py b/virttest/qemu_vm.py
@@ -354,9 +354,13 @@ def _add_option(option, value, option_type=None, first=False):
         def add_name(devices, name):
             return " -name '%s'" % name
 
-        def add_sandbox(devices):
-            if devices.has_option("sandbox"):
-                return " -sandbox on "
+        def process_sandbox(devices, action):
+            if action == "add":
+                if devices.has_option("sandbox"):
+                    return " -sandbox on "
+            elif action == "rem":
+                if devices.has_option("sandbox"):
+                    return " -sandbox off "
 
         def add_human_monitor(devices, monitor_name, filename):
             if not devices.has_option("chardev"):
@@ -1066,8 +1070,11 @@ def add_numa_node(devices, mem=None, cpus=None, nodeid=None):
         # Add the VM's name
         devices.insert(StrDev('vmname', cmdline=add_name(devices, name)))
 
-        if params.get("sandbox", "off") == "on":
-            devices.insert(StrDev('sandbox', cmdline=add_sandbox(devices)))
+        if params.get("qemu_sandbox", "on") == "on":
+            devices.insert(StrDev('sandbox', cmdline=process_sandbox(devices, "add")))
+        elif params.get("sandbox", "off") == "off":
+            devices.insert(StrDev('qemu_sandbox', cmdline=process_sandbox(devices, "rem")))
+
 
         devs = devices.machine_by_params(params)
         for dev in devs: