{ "id": 811403, "url": "http://patchwork.ozlabs.org/api/patches/811403/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20170908091027.9104-6-otubo@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20170908091027.9104-6-otubo@redhat.com>", "list_archive_url": null, "date": "2017-09-08T09:10:27", "name": "[PATCHv5,5/5] seccomp: add resourcecontrol argument to command line", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "7f739deb1971b846a8eb46ff5b5edbd222fd0dce", "submitter": { "id": 71779, "url": "http://patchwork.ozlabs.org/api/people/71779/?format=api", "name": "Eduardo Otubo", "email": "otubo@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20170908091027.9104-6-otubo@redhat.com/mbox/", "series": [ { "id": 2143, "url": "http://patchwork.ozlabs.org/api/series/2143/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=2143", "date": "2017-09-08T09:10:22", "name": "seccomp: feature refactoring", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/2143/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/811403/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/811403/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; 
helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)", "ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com", "ext-mx04.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=otubo@redhat.com" ], "Received": [ "from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xpWrV1jYyz9s82\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 8 Sep 2017 19:15:38 +1000 (AEST)", "from localhost ([::1]:44023 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1dqFNw-0004ax-DB\n\tfor incoming@patchwork.ozlabs.org; Fri, 08 Sep 2017 05:15:36 -0400", "from eggs.gnu.org ([2001:4830:134:3::10]:49076)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <otubo@redhat.com>) id 1dqFJT-0001CV-IS\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 05:11:04 -0400", "from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <otubo@redhat.com>) id 1dqFJO-0002yq-M9\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 05:10:59 -0400", "from mx1.redhat.com ([209.132.183.28]:50680)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <otubo@redhat.com>) id 1dqFJO-0002y3-Cy\n\tfor qemu-devel@nongnu.org; Fri, 08 Sep 2017 05:10:54 -0400", "from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 81FC180461\n\tfor <qemu-devel@nongnu.org>; Fri, 8 Sep 2017 09:10:53 +0000 (UTC)", "from vader.redhat.com (ovpn-117-133.ams2.redhat.com\n\t[10.36.117.133])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 80C935D6A4;\n\tFri, 
8 Sep 2017 09:10:52 +0000 (UTC)" ], "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 81FC180461", "From": "Eduardo Otubo <otubo@redhat.com>", "To": "qemu-devel@nongnu.org", "Date": "Fri, 8 Sep 2017 11:10:27 +0200", "Message-Id": "<20170908091027.9104-6-otubo@redhat.com>", "In-Reply-To": "<20170908091027.9104-1-otubo@redhat.com>", "References": "<20170908091027.9104-1-otubo@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.15", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.28]);\n\tFri, 08 Sep 2017 09:10:53 +0000 (UTC)", "X-detected-operating-system": "by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]", "X-Received-From": "209.132.183.28", "Subject": "[Qemu-devel] [PATCHv5 5/5] seccomp: add resourcecontrol argument to\n\tcommand line", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.21", "Precedence": "list", "List-Id": "<qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<http://lists.nongnu.org/archive/html/qemu-devel/>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Cc": "thuth@redhat.com", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>" }, "content": "This patch adds [,resourcecontrol=deny] to `-sandbox on' option. 
It\nblacklists all process affinity and scheduler priority system calls to\navoid any bigger of the process.\n\nSigned-off-by: Eduardo Otubo <otubo@redhat.com>\n---\n include/sysemu/seccomp.h | 1 +\n qemu-options.hx | 9 ++++++---\n qemu-seccomp.c | 19 +++++++++++++++++++\n vl.c | 16 ++++++++++++++++\n 4 files changed, 42 insertions(+), 3 deletions(-)", "diff": "diff --git a/include/sysemu/seccomp.h b/include/sysemu/seccomp.h\nindex 3ab5fc4f61..e67c2dc840 100644\n--- a/include/sysemu/seccomp.h\n+++ b/include/sysemu/seccomp.h\n@@ -19,6 +19,7 @@\n #define QEMU_SECCOMP_SET_OBSOLETE (1 << 1)\n #define QEMU_SECCOMP_SET_PRIVILEGED (1 << 2)\n #define QEMU_SECCOMP_SET_SPAWN (1 << 3)\n+#define QEMU_SECCOMP_SET_RESOURCECTL (1 << 4)\n \n #include <seccomp.h>\n \ndiff --git a/qemu-options.hx b/qemu-options.hx\nindex 2b04b9f170..600614f6e5 100644\n--- a/qemu-options.hx\n+++ b/qemu-options.hx\n@@ -4018,7 +4018,7 @@ ETEXI\n \n DEF(\"sandbox\", HAS_ARG, QEMU_OPTION_sandbox, \\\n \"-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\\n\" \\\n- \" [,spawn=allow|deny]\\n\" \\\n+ \" [,spawn=allow|deny][,resourcecontrol=allow|deny]\\n\" \\\n \" Enable seccomp mode 2 system call filter (default 'off').\\n\" \\\n \" use 'obsolete' to allow obsolete system calls that are provided\\n\" \\\n \" by the kernel, but typically no longer used by modern\\n\" \\\n@@ -4028,10 +4028,11 @@ DEF(\"sandbox\", HAS_ARG, QEMU_OPTION_sandbox, \\\n \" The value 'children' will deny set*uid|gid system calls for\\n\" \\\n \" main QEMU process but will allow forks and execves to run unprivileged\\n\" \\\n \" use 'spawn' to avoid QEMU to spawn new threads or processes by\\n\" \\\n- \" blacklisting *fork and execve\\n\",\n+ \" blacklisting *fork and execve\\n\" \\\n+ \" use 'resourcecontrol' to disable process affinity and schedular priority\\n\",\n QEMU_ARCH_ALL)\n STEXI\n-@item -sandbox @var{arg}[,obsolete=@var{string}][,elevateprivileges=@var{string}][,spawn=@var{string}]\n+@item -sandbox 
@var{arg}[,obsolete=@var{string}][,elevateprivileges=@var{string}][,spawn=@var{string}][,resourcecontrol=@var{string}]\n @findex -sandbox\n Enable Seccomp mode 2 system call filter. 'on' will enable syscall filtering and 'off' will\n disable it. The default is 'off'.\n@@ -4042,6 +4043,8 @@ Enable Obsolete system calls\n Disable set*uid|gid system calls\n @item spawn=@var{string}\n Disable *fork and execve\n+@item resourcecontrol=@var{string}\n+Disable process affinity and schedular priority\n @end table\n ETEXI\n \ndiff --git a/qemu-seccomp.c b/qemu-seccomp.c\nindex 4c169febf8..e7c19c8165 100644\n--- a/qemu-seccomp.c\n+++ b/qemu-seccomp.c\n@@ -83,6 +83,17 @@ static const struct QemuSeccompSyscall blacklist[] = {\n { SCMP_SYS(fork), 8, QEMU_SECCOMP_SET_SPAWN },\n { SCMP_SYS(vfork), 8, QEMU_SECCOMP_SET_SPAWN },\n { SCMP_SYS(execve), 8, QEMU_SECCOMP_SET_SPAWN },\n+ /* resource control */\n+ { SCMP_SYS(getpriority), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(setpriority), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_setparam), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_getparam), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_setscheduler), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_getscheduler), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_setaffinity), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_getaffinity), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_get_priority_max), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n+ { SCMP_SYS(sched_get_priority_min), 16, QEMU_SECCOMP_SET_RESOURCECTL },\n };\n \n \n@@ -121,6 +132,14 @@ int seccomp_start(uint32_t seccomp_opts)\n }\n \n break;\n+ case QEMU_SECCOMP_SET_RESOURCECTL:\n+ if (seccomp_opts & QEMU_SECCOMP_SET_RESOURCECTL) {\n+ break;\n+ } else {\n+ continue;\n+ }\n+\n+ break;\n default:\n break;\n }\ndiff --git a/vl.c b/vl.c\nindex 0af137da17..ce3883ccb1 100644\n--- a/vl.c\n+++ b/vl.c\n@@ -284,6 +284,10 @@ static QemuOptsList qemu_sandbox_opts = 
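Review bot: Both added help lines in qemu-options.hx misspell "scheduler" as "schedular" (`" use 'resourcecontrol' to disable process affinity and schedular priority\n"` and `Disable process affinity and schedular priority`), and this text is shipped to users via `-help` and the manual. The help text also says "disable", while the DEF line advertises `allow|deny`; `" use 'resourcecontrol' to deny process affinity and scheduler priority changes\n"` would match the other options' wording and the accepted values.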
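Review bot: The new `case QEMU_SECCOMP_SET_RESOURCECTL:` arm in seccomp_start() ends with an unreachable `break;` — both branches of the preceding if/else already leave the arm — so the arm should be written as the guard form `if (!(seccomp_opts & QEMU_SECCOMP_SET_RESOURCECTL)) { continue; }` followed by a single `break;`, matching the other cases in this switch. Separately, the blacklist additions put the read-only calls (getpriority, sched_getparam, sched_getscheduler, sched_getaffinity, sched_get_priority_max/min) in the same set as the setters; the getters cannot alter the scheduling of any process, so they add no containment, but whatever action seccomp_start() applies to blacklisted entries (not visible in this hunk) will now hit any library code that merely probes affinity or priority limits, which could be fatal if that action kills the process. Either restrict the set to the set* calls, or replace the bare `/* resource control */` comment with one that states why the getters are deliberately denied so a maintainer does not "fix" it later. The body of seccomp_start() starts before and ends after this hunk.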
{\n .name = \"spawn\",\n .type = QEMU_OPT_STRING,\n },\n+ {\n+ .name = \"resourcecontrol\",\n+ .type = QEMU_OPT_STRING,\n+ },\n { /* end of list */ }\n },\n };\n@@ -1097,6 +1101,18 @@ static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)\n }\n }\n \n+ value = qemu_opt_get(opts, \"resourcecontrol\");\n+ if (value) {\n+ if (g_str_equal(value, \"deny\")) {\n+ seccomp_opts |= QEMU_SECCOMP_SET_RESOURCECTL;\n+ } else if (g_str_equal(value, \"allow\")) {\n+ /* default value */\n+ } else {\n+ error_report(\"invalid argument for resourcecontrol\");\n+ return -1;\n+ }\n+ }\n+\n if (seccomp_start(seccomp_opts) < 0) {\n error_report(\"failed to install seccomp syscall filter \"\n \"in the kernel\");\n", "prefixes": [ "PATCHv5", "5/5" ] }