seccomp: add kill() to the syscall whitelist

Message ID 20131121154015.19948.84926.stgit@localhost
State New

Commit Message

Paul Moore Nov. 21, 2013, 3:40 p.m. UTC
The kill() syscall is triggered with the following command:

 # qemu -sandbox on -monitor stdio \
        -device intel-hda -device hda-duplex -vnc :0

The resulting syslog/audit message:

 # ausearch -m SECCOMP
 ----
 time->Wed Nov 20 09:52:08 2013
 type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
  subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
  comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
 # scmp_sys_resolver 62
 kill

Reported-by: CongLi <coli@redhat.com>
Tested-by: CongLi <coli@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 qemu-seccomp.c |    1 +
 1 file changed, 1 insertion(+)
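The triage the commit message walks through (read the SECCOMP audit record that `ausearch -m SECCOMP` prints, resolve the syscall number, check it against the whitelist) as an added Python example; it is not part of this patch or of QEMU. The sample record is the one quoted above, re-typed; the x86_64 syscall numbers other than 62 and the SIGSYS mapping are assumptions taken from the kernel ABI, and the "before" whitelist is the set of names visible in the hunk's context lines.

```python
import re

# Partial x86_64 syscall table (assumed from the kernel ABI); the commit
# message resolves 62 -> kill with scmp_sys_resolver, the rest are added here.
X86_64_SYSCALLS = {1: "write", 11: "munmap", 13: "rt_sigaction", 62: "kill",
                   72: "fcntl", 234: "tgkill", 293: "pipe2"}
SIGNALS = {31: "SIGSYS"}  # signal seccomp delivers on a violation (x86_64)

# Whitelist names visible in the hunk's context lines, i.e. before the patch.
WHITELIST_BEFORE = {"write", "fcntl", "tgkill", "rt_sigaction", "pipe2", "munmap"}

# Constructed sample: the record from the commit message as ausearch prints it
# (one record wrapped over three lines; continuation lines start with a space).
SAMPLE = """----
time->Wed Nov 20 09:52:08 2013
type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
 comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp_records(text):
    """Return one dict of key=value fields per type=SECCOMP record."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("type=SECCOMP"):
            current = {}
            records.append(current)
        elif not line.startswith(" "):
            current = None  # '----' separators and 'time->' lines
            continue
        if current is None:
            continue
        for key, val in KV_RE.findall(line):
            current[key] = val.strip('"')
    return records


def triage(record, whitelist=WHITELIST_BEFORE):
    """Resolve syscall and signal, and report whether the whitelist covers it."""
    if record.get("compat", "0") != "0":
        raise ValueError("compat (32-bit) records need the i386 syscall table")
    nr = int(record["syscall"])
    name = X86_64_SYSCALLS.get(nr, f"syscall_{nr}")
    return {"comm": record.get("comm"), "pid": int(record["pid"]),
            "syscall": nr, "name": name,
            "signal": SIGNALS.get(int(record["sig"]), record["sig"]),
            "whitelisted": name in whitelist}
```

Running `triage` on the sample with the pre-patch set reports kill as not whitelisted; adding "kill" to the set, as the hunk does, flips that.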

Comments

Eduardo Otubo Nov. 21, 2013, 4:40 p.m. UTC | #1
On 11/21/2013 01:40 PM, Paul Moore wrote:
> The kill() syscall is triggered with the following command:
>
>   # qemu -sandbox on -monitor stdio \
>          -device intel-hda -device hda-duplex -vnc :0
>
> The resulting syslog/audit message:
>
>   # ausearch -m SECCOMP
>   ----
>   time->Wed Nov 20 09:52:08 2013
>   type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
>    subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
>    comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
>   # scmp_sys_resolver 62
>   kill
>
> Reported-by: CongLi <coli@redhat.com>
> Tested-by: CongLi <coli@redhat.com>
> Signed-off-by: Paul Moore <pmoore@redhat.com>
> ---
>   qemu-seccomp.c |    1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 69cee44..cf07869 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>       { SCMP_SYS(write), 244 },
>       { SCMP_SYS(fcntl), 243 },
>       { SCMP_SYS(tgkill), 242 },
> +    { SCMP_SYS(kill), 242 },
>       { SCMP_SYS(rt_sigaction), 242 },
>       { SCMP_SYS(pipe2), 242 },
>       { SCMP_SYS(munmap), 242 },
>

ACK, Reviewed and tested.
(I'll send a pull request tomorrow EOD)

Reviewed-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Paul Moore Nov. 26, 2013, 3:28 p.m. UTC | #2
On Thursday, November 21, 2013 02:40:48 PM Eduardo Otubo wrote:
> On 11/21/2013 01:40 PM, Paul Moore wrote:
> > The kill() syscall is triggered with the following command:
> >   # qemu -sandbox on -monitor stdio \
> >          -device intel-hda -device hda-duplex -vnc :0
> > 
> > The resulting syslog/audit message:
> >   # ausearch -m SECCOMP
> >   ----
> >   time->Wed Nov 20 09:52:08 2013
> >   type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
> >    subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
> >    comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
> >   # scmp_sys_resolver 62
> >   kill
> > 
> > Reported-by: CongLi <coli@redhat.com>
> > Tested-by: CongLi <coli@redhat.com>
> > Signed-off-by: Paul Moore <pmoore@redhat.com>
> > ---
> >   qemu-seccomp.c |    1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 69cee44..cf07869 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] = {> 
> >       { SCMP_SYS(write), 244 },
> >       { SCMP_SYS(fcntl), 243 },
> >       { SCMP_SYS(tgkill), 242 },
> > 
> > +    { SCMP_SYS(kill), 242 },
> > 
> >       { SCMP_SYS(rt_sigaction), 242 },
> >       { SCMP_SYS(pipe2), 242 },
> >       { SCMP_SYS(munmap), 242 },
> 
> ACK, Reviewed and tested.
> (I'll send a pull request tomorrow EOD)
> 
> Reviewed-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>

Ping?

Patch

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 69cee44..cf07869 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -114,6 +114,7 @@  static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(write), 244 },
     { SCMP_SYS(fcntl), 243 },
     { SCMP_SYS(tgkill), 242 },
+    { SCMP_SYS(kill), 242 },
     { SCMP_SYS(rt_sigaction), 242 },
     { SCMP_SYS(pipe2), 242 },
     { SCMP_SYS(munmap), 242 },
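Review bot: the new entry `{ SCMP_SYS(kill), 242 }` carries only a syscall and a priority, like the entries around it, so it admits kill() for any target pid and any signal, and neither the hunk nor the commit message says which QEMU code path issues kill() when intel-hda/hda-duplex are configured. Please name the call site in the commit message and state whether it only signals the process itself, so a later pass can judge whether the entry can be narrowed; the priority 242 copied from the neighbouring tgkill entry looks reasonable, but a word on why it matches tgkill rather than write/fcntl would help too.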