From patchwork Tue Aug 13 15:11:10 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 266857
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (unknown [IPv6:2001:4830:134:3::12])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 3D8982C00E9
	for <incoming@patchwork.ozlabs.org>;
	Wed, 14 Aug 2013 01:33:10 +1000 (EST)
Received: from localhost ([::1]:51417 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1V9Gaq-0000j9-4G
	for incoming@patchwork.ozlabs.org; Tue, 13 Aug 2013 11:33:08 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60784)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1V9GHH-0005w7-Df
	for qemu-devel@nongnu.org; Tue, 13 Aug 2013 11:13:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1V9GH6-0004BS-K8
	for qemu-devel@nongnu.org; Tue, 13 Aug 2013 11:12:55 -0400
Received: from mail-oa0-x22e.google.com ([2607:f8b0:4003:c02::22e]:39446)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>)
	id 1V9GH6-0004BI-EN; Tue, 13 Aug 2013 11:12:44 -0400
Received: by mail-oa0-f46.google.com with SMTP id l10so11399603oag.5
	for <multiple recipients>; Tue, 13 Aug 2013 08:12:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=KNTpUi8FJ0nnqyGJN9If12yV2djT72RQWuaKtyqKFF8=;
	b=GwhrVyFAJ74wi6l2EpYey2XuYqe5YBliYWamkt5k8dwexJn6/sAy1Jv8xGLQLTYWcK
	wP9YzFtvJvexwcHBvP+LaRZmi+Xgd7qoMieY9j9TUF0ca9EI1y3VQBbDf5YJUER0n1KP
	0fKK0LQpxJVWEm4rPiicAwVVxe2JUcXHarGKPhCwjD8inaqjYuZXcc8R8m+e6aFNLtaN
	YKKMZ55NYw+idAfd4bhfhr06gcA5IGbEY0REyr2A3/3jpqDXGoWAfMU5chSLM+Zb2ZUJ
	9T3lQqCKHJ2JsKd0CID1rsHPHklJYTn4p0YqmeyHTLSXcx+RvF79lxrPGNxcp/auN7st
	+1/A==
X-Received: by 10.60.52.81 with SMTP id r17mr4826937oeo.3.1376406763984;
	Tue, 13 Aug 2013 08:12:43 -0700 (PDT)
Received: from loki.austin.ibm.com ([32.97.110.51])
	by mx.google.com with ESMTPSA id
	uz16sm12947878obc.5.2013.08.13.08.12.42 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Tue, 13 Aug 2013 08:12:43 -0700 (PDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Tue, 13 Aug 2013 10:11:10 -0500
Message-Id: <1376406680-16302-47-git-send-email-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1376406680-16302-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1376406680-16302-1-git-send-email-mdroth@linux.vnet.ibm.com>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2607:f8b0:4003:c02::22e
Cc: aliguori@us.ibm.com, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 46/56] seccomp: add arch_prctl() to the syscall
	whitelist
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Paul Moore <pmoore@redhat.com>

It appears that even a very simple /etc/qemu-ifup configuration can
require the arch_prctl() syscall, see the example below:

	#!/bin/sh
	/sbin/ifconfig $1 0.0.0.0 up
	/usr/sbin/brctl addif <switch> $1

Signed-off-by: Paul Moore <pmoore@redhat.com>
Reviewed-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Message-id: 20130718135703.8247.19213.stgit@localhost
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d2509b667caf482b6f827ff2645cbeb9b39ce29e)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 qemu-seccomp.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index ca123bf..a7fb139 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -232,7 +232,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(prlimit64), 241 },
     { SCMP_SYS(waitid), 241 },
     { SCMP_SYS(io_setup), 241 },
-    { SCMP_SYS(io_destroy), 241 }
+    { SCMP_SYS(io_destroy), 241 },
+    { SCMP_SYS(arch_prctl), 240 }
 };
 
 int seccomp_start(void)