Re: [Qemu-devel] [PATCHv2 1/4] Adding new syscalls (bugzilla 855162)
From: Paul Moore
Subject: Re: [Qemu-devel] [PATCHv2 1/4] Adding new syscalls (bugzilla 855162)
Date: Thu, 01 Nov 2012 17:43:03 -0400
User-agent: KMail/4.9.2 (Linux/3.6.4-gentoo; KDE/4.9.2; x86_64; ; )

On Tuesday, October 23, 2012 03:55:29 AM Eduardo Otubo wrote:
> According to the bug 855162[0] - there's the need of adding new syscalls
> to the whitelist when using Qemu with Libvirt.
>
> [0] - https://bugzilla.redhat.com/show_bug.cgi?id=855162
>
> v2: Adding new syscalls to the list: readlink, rt_sigpending, and
> rt_sigtimedwait
>
> Reported-by: Paul Moore <address@hidden>
> Signed-off-by: Eduardo Otubo <address@hidden>
> ---
> qemu-seccomp.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)

I had an opportunity to test this patchset on a F17 machine using QEMU 1.2 and
unfortunately it still fails. I'm using a relatively basic guest
configuration running F16, the details are documented in the RH BZ that
Eduardo mentioned in the patch description.

Eduardo, I assume you are not able to reproduce this?

> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 64329a3..a7b33e2 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -45,6 +45,13 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(access), 245 },
> { SCMP_SYS(prctl), 245 },
> { SCMP_SYS(signalfd), 245 },
> + { SCMP_SYS(getrlimit), 245 },
> + { SCMP_SYS(set_tid_address), 245 },
> + { SCMP_SYS(socketpair), 245 },
> + { SCMP_SYS(statfs), 245 },
> + { SCMP_SYS(unlink), 245 },
> + { SCMP_SYS(wait4), 245 },
> + { SCMP_SYS(getuid), 245 },
> #if defined(__i386__)
> { SCMP_SYS(fcntl64), 245 },
> { SCMP_SYS(fstat64), 245 },
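
Review bot: The seven entries added after `signalfd` carry no comment or per-call rationale, and the commit message only points at the bug and lists three other syscalls in its v2 note. `unlink` and `socketpair` in particular widen what the filtered process may do, so please record, in the message or in a comment beside each entry, which libvirt-launched code path was observed to need the call; that keeps the whitelist auditable and lets entries be trimmed later.
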
> @@ -107,7 +114,11 @@ static const struct QemuSeccompSyscall
> seccomp_whitelist[] = { { SCMP_SYS(getsockname), 242 },
> { SCMP_SYS(getpeername), 242 },
> { SCMP_SYS(fdatasync), 242 },
> - { SCMP_SYS(close), 242 }
> + { SCMP_SYS(close), 242 },
> + { SCMP_SYS(accept4), 242 },
> + { SCMP_SYS(readlink), 242 },
> + { SCMP_SYS(rt_sigpending), 242 },
> + { SCMP_SYS(rt_sigtimedwait), 242 }
> };
>
> int seccomp_start(void)
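
Review bot: The new final array entry, `{ SCMP_SYS(rt_sigtimedwait), 242 }`, is again left without a trailing comma, which is why this hunk had to rewrite the `close` line just to append entries. Ending the last entry with a comma would make the next addition a pure `+` change, and with the test report above saying the guest still fails with this list, further additions look likely.
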
--
paul moore
security and virtualization @ redhat