This can certainly be useful in various situations! However, wholesale enabling get-task-allow will enable other processes on the system to inject code, connect a debugger, etc. to the Qemu process. Normally, this is only something you'd enable for builds that are specifically intended for debugging. I'm not sure users running Qemu in production environments will necessarily appreciate this - do we perhaps want to gate this behind a build configuration flag?
(Related: Would it perhaps make more sense to dynamically generate/preprocess the entitlements file based on configuration flags than have a bunch of variants of the file? You'll end up with a combinatorial explosion sooner or later - I'm also thinking of com.apple.vm.networking and com.apple.vm.device-access which we can't enable by default because they require Apple to grant the entitlement but which currently require patching if you have those entitlements.)
What do you think?
Phil
QEMU is allowed to generate coredump on other POSIX OSes,
bring that functionality to macOS. Admin users still need
to enable the kern.coredump sysctl manually running:
% sudo sysctl kern.coredump=1
the normal users have to enable their shell running:
% ulimit -c unlimited
Reference used:
https://nasa.github.io/trick/howto_guides/How-to-dump-core-file-on-MacOS.html
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
Cc: Alexander Graf <agraf@csgraf.de>
Cc: Akihiko Odaki <akihiko.odaki@daynix.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Phil Dennis-Jordan <phil@philjordan.eu>
Cc: Roman Bolshakov <roman@roolebo.dev>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Francesco Cagnin <fcagnin@quarkslab.com>
---
MAINTAINERS | 2 ++
meson.build | 6 ++++--
accel/hvf/entitlements.plist | 2 ++
accel/tcg/entitlements.plist | 8 ++++++++
4 files changed, 16 insertions(+), 2 deletions(-)
create mode 100644 accel/tcg/entitlements.plist
diff --git a/MAINTAINERS b/MAINTAINERS
index d5ff6c2498e..c6f57d77b19 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -611,6 +611,8 @@ M: Philippe Mathieu-Daudé <philmd@linaro.org>
S: Odd Fixes
F: .gitlab-ci.d/cirrus/macos-*
F: */*.m
+F: accel/tcg/entitlements.plist
+F: accel/hvf/entitlements.plist
F: scripts/entitlement.sh
Alpha Machines
diff --git a/meson.build b/meson.build
index a1e51277b09..aae35e93420 100644
--- a/meson.build
+++ b/meson.build
@@ -3983,9 +3983,11 @@ foreach target : target_dirs
]
if 'CONFIG_HVF' in config_target
entitlements = 'accel/hvf/entitlements.plist'
- build_input += files(entitlements)
- install_input += meson.current_source_dir() / entitlements
+ else
+ entitlements = 'accel/tcg/entitlements.plist'
endif
+ build_input += files(entitlements)
+ install_input += meson.current_source_dir() / entitlements
emulators += {exe['name'] : custom_target(exe['name'],
input: build_input,
diff --git a/accel/hvf/entitlements.plist b/accel/hvf/entitlements.plist
index 154f3308ef2..af4bb45dbea 100644
--- a/accel/hvf/entitlements.plist
+++ b/accel/hvf/entitlements.plist
@@ -4,5 +4,7 @@
<dict>
<key>com.apple.security.hypervisor</key>
<true/>
+ <key>com.apple.security.get-task-allow</key>
+ <true/>
</dict>
</plist>
diff --git a/accel/tcg/entitlements.plist b/accel/tcg/entitlements.plist
new file mode 100644
index 00000000000..9acd12816c9
--- /dev/null
+++ b/accel/tcg/entitlements.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.get-task-allow</key>
+ <true/>
+</dict>
+</plist>
--
2.41.0