[PULL,00/01] Adding new syscalls to seccomp whitelist

Message ID 1411132929-9691-1-git-send-email-eduardo.otubo@profitbricks.com
State New

Pull-request

git://github.com/otubo/qemu.git tags/goto-upstream

Message

Eduardo Otubo Sept. 19, 2014, 1:22 p.m. UTC
The following changes since commit 10e11f4d2bf171f99c6b13883a510acfbc5dd585:

  Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-09-18 20:02:01 +0100)

are available in the git repository at:


  git://github.com/otubo/qemu.git tags/goto-upstream

for you to fetch changes up to 021db05e6cb0683b12779ff519c7d857620c9e8f:

  seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() (2014-09-19 14:32:46 +0200)

----------------------------------------------------------------
Adding new syscalls to seccomp whitelist: fallocate(), fadvise64(), inotify_init1() and inotify_add_watch().

----------------------------------------------------------------
Philipp Gesang (1):
      seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()

 qemu-seccomp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Peter Maydell Sept. 19, 2014, 2:15 p.m. UTC | #1
On 19 September 2014 06:22, Eduardo Otubo
<eduardo.otubo@profitbricks.com> wrote:
> The following changes since commit 10e11f4d2bf171f99c6b13883a510acfbc5dd585:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-09-18 20:02:01 +0100)
>
> are available in the git repository at:
>
>
>   git://github.com/otubo/qemu.git tags/goto-upstream
>
> for you to fetch changes up to 021db05e6cb0683b12779ff519c7d857620c9e8f:
>
>   seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() (2014-09-19 14:32:46 +0200)
>
> ----------------------------------------------------------------
> Adding new syscalls to seccomp whitelist: fallocate(), fadvise64(), inotify_init1() and inotify_add_watch().
>
> ----------------------------------------------------------------
> Philipp Gesang (1):
>       seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()
>
>  qemu-seccomp.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)

...how about fixing your compile errors on non-x86 platforms
before adding more stuff here?

thanks
-- PMM
Eduardo Otubo Sept. 19, 2014, 2:38 p.m. UTC | #2
On Fri, Sep 19, 2014 at 4:15 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 19 September 2014 06:22, Eduardo Otubo
> <eduardo.otubo@profitbricks.com> wrote:
>> The following changes since commit 10e11f4d2bf171f99c6b13883a510acfbc5dd585:
>>
>>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2014-09-18 20:02:01 +0100)
>>
>> are available in the git repository at:
>>
>>
>>   git://github.com/otubo/qemu.git tags/goto-upstream
>>
>> for you to fetch changes up to 021db05e6cb0683b12779ff519c7d857620c9e8f:
>>
>>   seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() (2014-09-19 14:32:46 +0200)
>>
>> ----------------------------------------------------------------
>> Adding new syscalls to seccomp whitelist: fallocate(), fadvise64(), inotify_init1() and inotify_add_watch().
>>
>> ----------------------------------------------------------------
>> Philipp Gesang (1):
>>       seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()
>>
>>  qemu-seccomp.c | 6 +++++-
>>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> ...how about fixing your compile errors on non-x86 platforms
> before adding more stuff here?

Hm, indeed. I should have double checked that. Thanks for pointing that out.

Philipp, can you fix this, please?

Regards,
Peter Maydell Sept. 19, 2014, 3:11 p.m. UTC | #3
On 19 September 2014 07:38, Eduardo Otubo
<eduardo.otubo@profitbricks.com> wrote:
> On Fri, Sep 19, 2014 at 4:15 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
>> ...how about fixing your compile errors on non-x86 platforms
>> before adding more stuff here?
>
> Hm, indeed. I should have double checked that. Thanks for pointing that out.
>
> Philipp, can you fix this, please?

You have compile problems in current master as well. Your macros
probably need to guard themselves on whether the syscall they're
adding to the list actually exists on the host.
(See bug https://bugs.launchpad.net/qemu/+bug/1363641 -- select
doesn't exist as a syscall on all archs.)

thanks
-- PMM
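
An added example of the guard suggested above; it is not code from this thread, from QEMU or from libseccomp. The `WL` macro, the table and the priorities are hypothetical stand-ins, assuming the whitelist macro resolves each name to the host's `__NR_<name>` constant, so an unguarded entry for a syscall the host lacks is a compile error.

```c
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>   /* host-specific __NR_* constants */

struct wl_entry { long nr; int prio; const char *name; };

/* Hypothetical whitelist macro: pastes the name onto __NR_, so it only
 * compiles when the host's headers define that syscall number. */
#define WL(name, prio) { __NR_##name, (prio), #name }

/* Priorities are constructed for this example. */
static const struct wl_entry whitelist[] = {
    WL(read, 255),
    WL(write, 254),
#ifdef __NR_select             /* not defined on every architecture */
    WL(select, 252),
#endif
#ifdef __NR_pselect6
    WL(pselect6, 252),
#endif
#ifdef __NR_fallocate
    WL(fallocate, 240),
#endif
#ifdef __NR_fadvise64
    WL(fadvise64, 240),
#endif
#ifdef __NR_inotify_init1
    WL(inotify_init1, 240),
#endif
#ifdef __NR_inotify_add_watch
    WL(inotify_add_watch, 240),
#endif
};

size_t wl_count(void) { return sizeof(whitelist) / sizeof(whitelist[0]); }

/* Returns the host syscall number for a whitelisted name, or -1. */
long wl_find(const char *name) {
    for (size_t i = 0; i < wl_count(); i++)
        if (strcmp(whitelist[i].name, name) == 0)
            return whitelist[i].nr;
    return -1;
}

int main(void) {
    for (size_t i = 0; i < wl_count(); i++)
        printf("%-18s nr=%ld prio=%d\n", whitelist[i].name,
               whitelist[i].nr, whitelist[i].prio);
    return 0;
}
```

On a host where a guard drops an entry, the table simply has no rule for that name, so a default-deny filter built from it stays fail-closed for that call.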
Eduardo Otubo Oct. 22, 2014, 8:04 a.m. UTC | #4
On Fri, Sep 19, 2014 at 08:11:14AM -0700, Peter Maydell wrote:
> On 19 September 2014 07:38, Eduardo Otubo
> <eduardo.otubo@profitbricks.com> wrote:
> > On Fri, Sep 19, 2014 at 4:15 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> >> ...how about fixing your compile errors on non-x86 platforms
> >> before adding more stuff here?
> >
> > Hm, indeed. I should have double checked that. Thanks for pointing that out.
> >
> > Philipp, can you fix this, please?
> 
> You have compile problems in current master as well. Your macros
> probably need to guard themselves on whether the syscall they're
> adding to the list actually exists on the host.
> (See bug https://bugs.launchpad.net/qemu/+bug/1363641 -- select
> doesn't exist as a syscall on all archs.)

The fix for that problem is upstream at libseccomp. The maintainer has
no plans yet to make a new release, though. Once he does a release and
fix this issue, I'll go and resubmit this pull request.

Thanks,
Peter Maydell Oct. 22, 2014, 10:02 a.m. UTC | #5
On 22 October 2014 09:04, Eduardo Otubo <eduardo.otubo@profitbricks.com> wrote:
> On Fri, Sep 19, 2014 at 08:11:14AM -0700, Peter Maydell wrote:
>> You have compile problems in current master as well. Your macros
>> probably need to guard themselves on whether the syscall they're
>> adding to the list actually exists on the host.
>> (See bug https://bugs.launchpad.net/qemu/+bug/1363641 -- select
>> doesn't exist as a syscall on all archs.)
>
> The fix for that problem is upstream at libseccomp. The maintainer has
> no plans yet to make a new release, though. Once he does a release and
> fix this issue, I'll go and resubmit this pull request.

The bug is already in QEMU master, so that needs a fix now
regardless of the status of this new patch.

thanks
-- PMM
Peter Maydell Nov. 5, 2014, 1:19 p.m. UTC | #6
On 22 October 2014 11:02, Peter Maydell <peter.maydell@linaro.org> wrote:
> On 22 October 2014 09:04, Eduardo Otubo <eduardo.otubo@profitbricks.com> wrote:
>> On Fri, Sep 19, 2014 at 08:11:14AM -0700, Peter Maydell wrote:
>>> You have compile problems in current master as well. Your macros
>>> probably need to guard themselves on whether the syscall they're
>>> adding to the list actually exists on the host.
>>> (See bug https://bugs.launchpad.net/qemu/+bug/1363641 -- select
>>> doesn't exist as a syscall on all archs.)
>>
>> The fix for that problem is upstream at libseccomp. The maintainer has
>> no plans yet to make a new release, though. Once he does a release and
>> fix this issue, I'll go and resubmit this pull request.
>
> The bug is already in QEMU master, so that needs a fix now
> regardless of the status of this new patch.

Ping! You still need to fix this for QEMU 2.2 (minimally, by
disabling seccomp in configure for hosts it won't work on).

thanks
-- PMM