qemu-devel
Re: [Qemu-devel] [PATCH 1/2] seccomp: add mkdir() and fchmod() to the wh


From: Eduardo Otubo
Subject: Re: [Qemu-devel] [PATCH 1/2] seccomp: add mkdir() and fchmod() to the whitelist
Date: Thu, 16 Jan 2014 13:53:40 -0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131028 Thunderbird/17.0.10

I have tested and reviewed both patches. And if nothing more comes up, I'll send a pull request by tomorrow EOD.

On 01/15/2014 05:38 PM, Paul Moore wrote:
The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on
"/run/user/<UID>/pulse" which is currently blocked by the syscall
filter; this patch adds the two missing syscalls to the whitelist.
You can reproduce this problem with the following command:

  # qemu -monitor stdio -device intel-hda -device hda-duplex

If watched under strace the following syscalls are shown:

  mkdir("/run/user/0/pulse", 0700)
  fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse]

Reported-by: address@hidden
Signed-off-by: Paul Moore <address@hidden>
---
  qemu-seccomp.c |    4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index b7c1253..89f244f 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -220,7 +220,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] 
= {
      { SCMP_SYS(io_cancel), 241 },
      { SCMP_SYS(io_setup), 241 },
      { SCMP_SYS(io_destroy), 241 },
-    { SCMP_SYS(arch_prctl), 240 }
+    { SCMP_SYS(arch_prctl), 240 },
+    { SCMP_SYS(mkdir), 240 },
+    { SCMP_SYS(fchmod), 240 }
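
Review bot: the two new entries at the end of seccomp_whitelist[], `{ SCMP_SYS(mkdir), 240 }` and `{ SCMP_SYS(fchmod), 240 }`, have no comment tying them to the PulseAudio case, and as listed they name only the syscall, so they allow mkdir() and fchmod() for any path and any mode, not just the 0700 calls on "/run/user/<UID>/pulse" that the commit message describes. A seccomp filter cannot match on the path string, so the broader allowance may be unavoidable, but a one-line comment above the entries giving PulseAudio as the reason would let a later audit of the whitelist see why they are there and whether they can be dropped.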

ACK.

--
Eduardo Otubo
IBM Linux Technology Center



