Message ID | 1373909379-21372-3-git-send-email-otubo@linux.vnet.ibm.com |
---|---|
State | New |
Headers | show |
Sorry for the problem on my keyboard: on the subject, please do s/gtom/from On 07/15/2013 02:29 PM, Eduardo Otubo wrote: > Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> > --- > qemu-seccomp.c | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index 1d5fd71..bfd372a 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(lseek), 245 }, > { SCMP_SYS(pselect6), 245 }, > { SCMP_SYS(fork), 245 }, > - { SCMP_SYS(eventfd), 245 }, > { SCMP_SYS(rt_sigprocmask), 245 }, > { SCMP_SYS(write), 244 }, > { SCMP_SYS(fcntl), 243 }, > @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(writev), 242 }, > { SCMP_SYS(preadv), 242 }, > { SCMP_SYS(pwritev), 242 }, > - { SCMP_SYS(setrlimit), 242 }, > { SCMP_SYS(ftruncate), 242 }, > { SCMP_SYS(lstat), 242 }, > { SCMP_SYS(pipe), 242 }, > @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(newfstatat), 241 }, > { SCMP_SYS(shutdown), 241 }, > { SCMP_SYS(getsockopt), 241 }, > - { SCMP_SYS(semctl), 241 }, > { SCMP_SYS(semop), 241 }, > { SCMP_SYS(semtimedop), 241 }, > { SCMP_SYS(epoll_ctl_old), 241 }, > @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(fstatat64), 241 }, > { SCMP_SYS(lstat64), 241 }, > { SCMP_SYS(sendfile64), 241 }, > - { SCMP_SYS(ugetrlimit), 241 }, > { SCMP_SYS(alarm), 241 }, > { SCMP_SYS(rt_sigsuspend), 241 }, > { SCMP_SYS(rt_sigqueueinfo), 241 }, > @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(lchown), 241 }, > { SCMP_SYS(fchownat), 241 }, > { SCMP_SYS(fstatfs), 241 }, > - { SCMP_SYS(sendfile), 241 }, > { SCMP_SYS(getitimer), 241 }, > { SCMP_SYS(syncfs), 241 }, > { SCMP_SYS(fsync), 241 }, > { SCMP_SYS(fchdir), 241 }, > - { SCMP_SYS(flock), 241 }, > { SCMP_SYS(msync), 241 }, > { SCMP_SYS(sched_setparam), 241 }, > { SCMP_SYS(sched_setscheduler), 241 }, >
Il 15/07/2013 19:29, Eduardo Otubo ha scritto: > Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> > --- > qemu-seccomp.c | 6 ------ > 1 file changed, 6 deletions(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index 1d5fd71..bfd372a 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(lseek), 245 }, > { SCMP_SYS(pselect6), 245 }, > { SCMP_SYS(fork), 245 }, > - { SCMP_SYS(eventfd), 245 }, ACK, the one we use is eventfd2 > { SCMP_SYS(rt_sigprocmask), 245 }, > { SCMP_SYS(write), 244 }, > { SCMP_SYS(fcntl), 243 }, > @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(writev), 242 }, > { SCMP_SYS(preadv), 242 }, > { SCMP_SYS(pwritev), 242 }, > - { SCMP_SYS(setrlimit), 242 }, Used by Xen. > { SCMP_SYS(ftruncate), 242 }, > { SCMP_SYS(lstat), 242 }, > { SCMP_SYS(pipe), 242 }, > @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(newfstatat), 241 }, > { SCMP_SYS(shutdown), 241 }, > { SCMP_SYS(getsockopt), 241 }, > - { SCMP_SYS(semctl), 241 }, ACK. > { SCMP_SYS(semop), 241 }, > { SCMP_SYS(semtimedop), 241 }, > { SCMP_SYS(epoll_ctl_old), 241 }, > @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(fstatat64), 241 }, > { SCMP_SYS(lstat64), 241 }, > { SCMP_SYS(sendfile64), 241 }, > - { SCMP_SYS(ugetrlimit), 241 }, Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper calls it? > { SCMP_SYS(alarm), 241 }, > { SCMP_SYS(rt_sigsuspend), 241 }, > { SCMP_SYS(rt_sigqueueinfo), 241 }, > @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(lchown), 241 }, > { SCMP_SYS(fchownat), 241 }, > { SCMP_SYS(fstatfs), 241 }, > - { SCMP_SYS(sendfile), 241 }, Should probably remove sendfile64 too? > { SCMP_SYS(getitimer), 241 }, > { SCMP_SYS(syncfs), 241 }, > { SCMP_SYS(fsync), 241 }, > { SCMP_SYS(fchdir), 241 }, > - { SCMP_SYS(flock), 241 }, ACK. Paolo > { SCMP_SYS(msync), 241 }, > { SCMP_SYS(sched_setparam), 241 }, > { SCMP_SYS(sched_setscheduler), 241 }, >
On 07/15/2013 05:57 PM, Paolo Bonzini wrote: > Il 15/07/2013 19:29, Eduardo Otubo ha scritto: >> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> >> --- >> qemu-seccomp.c | 6 ------ >> 1 file changed, 6 deletions(-) >> >> diff --git a/qemu-seccomp.c b/qemu-seccomp.c >> index 1d5fd71..bfd372a 100644 >> --- a/qemu-seccomp.c >> +++ b/qemu-seccomp.c >> @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { >> { SCMP_SYS(lseek), 245 }, >> { SCMP_SYS(pselect6), 245 }, >> { SCMP_SYS(fork), 245 }, >> - { SCMP_SYS(eventfd), 245 }, > > ACK, the one we use is eventfd2 > >> { SCMP_SYS(rt_sigprocmask), 245 }, >> { SCMP_SYS(write), 244 }, >> { SCMP_SYS(fcntl), 243 }, >> @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { >> { SCMP_SYS(writev), 242 }, >> { SCMP_SYS(preadv), 242 }, >> { SCMP_SYS(pwritev), 242 }, >> - { SCMP_SYS(setrlimit), 242 }, > > Used by Xen. OK > >> { SCMP_SYS(ftruncate), 242 }, >> { SCMP_SYS(lstat), 242 }, >> { SCMP_SYS(pipe), 242 }, >> @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { >> { SCMP_SYS(newfstatat), 241 }, >> { SCMP_SYS(shutdown), 241 }, >> { SCMP_SYS(getsockopt), 241 }, >> - { SCMP_SYS(semctl), 241 }, > > ACK. > >> { SCMP_SYS(semop), 241 }, >> { SCMP_SYS(semtimedop), 241 }, >> { SCMP_SYS(epoll_ctl_old), 241 }, >> @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { >> { SCMP_SYS(fstatat64), 241 }, >> { SCMP_SYS(lstat64), 241 }, >> { SCMP_SYS(sendfile64), 241 }, >> - { SCMP_SYS(ugetrlimit), 241 }, > > Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper > calls it? It seems to be a glibc's wrapper, yes. Removing it anyway. > >> { SCMP_SYS(alarm), 241 }, >> { SCMP_SYS(rt_sigsuspend), 241 }, >> { SCMP_SYS(rt_sigqueueinfo), 241 }, >> @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { >> { SCMP_SYS(lchown), 241 }, >> { SCMP_SYS(fchownat), 241 }, >> { SCMP_SYS(fstatfs), 241 }, >> - { SCMP_SYS(sendfile), 241 }, > > Should probably remove sendfile64 too? Removing sendfile64 as well on v2.
Il 16/07/2013 19:45, Eduardo Otubo ha scritto: >>> >>> - { SCMP_SYS(ugetrlimit), 241 }, >> >> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper >> calls it? > > It seems to be a glibc's wrapper, yes. Removing it anyway. Why if Xen uses it? Paolo
On 07/16/2013 02:49 PM, Paolo Bonzini wrote: > Il 16/07/2013 19:45, Eduardo Otubo ha scritto: >>>> >>>> - { SCMP_SYS(ugetrlimit), 241 }, >>> >>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper >>> calls it? >> >> It seems to be a glibc's wrapper, yes. Removing it anyway. > > Why if Xen uses it? I'm doing virt-test runs since yesterday, it seems it doesn't use it. > > Paolo >
Il 16/07/2013 20:55, Eduardo Otubo ha scritto: >>>> >>>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper >>>> calls it? >>> >>> It seems to be a glibc's wrapper, yes. Removing it anyway. >> >> Why if Xen uses it? > > I'm doing virt-test runs since yesterday, it seems it doesn't use it. Did you test Xen, too? Paolo
Ended up my tests were inconclusive. So removing this one from this patch. Resubmited a v3 without it. Thanks for pointing that. On 07/16/2013 02:49 PM, Paolo Bonzini wrote: > Il 16/07/2013 19:45, Eduardo Otubo ha scritto: >>>> >>>> - { SCMP_SYS(ugetrlimit), 241 }, >>> >>> Xen uses getrlimit, not sure what this one is. Perhaps glibc's wrapper >>> calls it? >> >> It seems to be a glibc's wrapper, yes. Removing it anyway. > > Why if Xen uses it? > > Paolo >
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 1d5fd71..bfd372a 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -108,7 +108,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(lseek), 245 }, { SCMP_SYS(pselect6), 245 }, { SCMP_SYS(fork), 245 }, - { SCMP_SYS(eventfd), 245 }, { SCMP_SYS(rt_sigprocmask), 245 }, { SCMP_SYS(write), 244 }, { SCMP_SYS(fcntl), 243 }, @@ -125,7 +124,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(writev), 242 }, { SCMP_SYS(preadv), 242 }, { SCMP_SYS(pwritev), 242 }, - { SCMP_SYS(setrlimit), 242 }, { SCMP_SYS(ftruncate), 242 }, { SCMP_SYS(lstat), 242 }, { SCMP_SYS(pipe), 242 }, @@ -144,7 +142,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(newfstatat), 241 }, { SCMP_SYS(shutdown), 241 }, { SCMP_SYS(getsockopt), 241 }, - { SCMP_SYS(semctl), 241 }, { SCMP_SYS(semop), 241 }, { SCMP_SYS(semtimedop), 241 }, { SCMP_SYS(epoll_ctl_old), 241 }, @@ -180,7 +177,6 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(fstatat64), 241 }, { SCMP_SYS(lstat64), 241 }, { SCMP_SYS(sendfile64), 241 }, - { SCMP_SYS(ugetrlimit), 241 }, { SCMP_SYS(alarm), 241 }, { SCMP_SYS(rt_sigsuspend), 241 }, { SCMP_SYS(rt_sigqueueinfo), 241 }, @@ -192,12 +188,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(lchown), 241 }, { SCMP_SYS(fchownat), 241 }, { SCMP_SYS(fstatfs), 241 }, - { SCMP_SYS(sendfile), 241 }, { SCMP_SYS(getitimer), 241 }, { SCMP_SYS(syncfs), 241 }, { SCMP_SYS(fsync), 241 }, { SCMP_SYS(fchdir), 241 }, - { SCMP_SYS(flock), 241 }, { SCMP_SYS(msync), 241 }, { SCMP_SYS(sched_setparam), 241 }, { SCMP_SYS(sched_setscheduler), 241 },
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> --- qemu-seccomp.c | 6 ------ 1 file changed, 6 deletions(-)