
seccomp missing calls in 2.7.0?

Message ID 12706b1f-c5ab-268b-1100-e36600be9b5c@gameservers.com
State New

Commit Message

Brian Rak Sept. 7, 2016, 7:55 p.m. UTC
On 9/6/2016 12:43 PM, Eduardo Otubo wrote:
>
> This feature is enabled by default in virt-test/avocado and yes lots 
> of people use it.
>
> Please send a patch and I'll merge it.
>
>
> On Tue, Sep 6, 2016, 18:41 Brian Rak <brak@gameservers.com> wrote:
>
>     I've been testing out 2.7.0 with seccomp support.  Whenever I connect to
>     the VNC console, the process gets killed by the kernel.  dmesg shows:
>
>     audit: type=1326 audit(1473175350.674:2): auid=0 uid=107 gid=107
>     ses=423110 pid=32202 comm="qemu-kvm" exe="/bin/qemu-system-x86_64"
>     sig=31 arch=c000003e syscall=98 compat=0 ip=0x7f2beba83477 code=0x0
>
>     syscall 98 appears to be getrusage, which does not appear in
>     qemu-seccomp.c.
>
>     Is seccomp a supported feature these days?  I'm guessing it does not get
>     a whole lot of use.
>
>
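
Added example, not part of the original message and not QEMU code: a small decoder for the `type=1326` (seccomp) audit record quoted above, which resolves the architecture token and syscall number and reports calls missing from an allowlist. The syscall table is a partial x86_64 excerpt and the allowlist holds only the entries visible around the patched line; both are assumptions made for this illustration.

```python
import re

# AUDIT_ARCH_* tokens from linux/audit.h
AUDIT_ARCH = {0xC000003E: "x86_64", 0x40000003: "i386"}
# Partial x86_64 syscall table, only the entries this example needs
X86_64_SYSCALLS = {87: "unlink", 97: "getrlimit", 98: "getrusage", 137: "statfs",
                   157: "prctl", 218: "set_tid_address", 282: "signalfd"}
# Allowlist excerpt: the entries visible around the patched line in qemu-seccomp.c
ALLOWLIST = {"prctl", "signalfd", "getrlimit", "set_tid_address", "statfs", "unlink"}

# First record is the one quoted in the thread; the second is constructed
SAMPLE_LOG = """\
audit: type=1326 audit(1473175350.674:2): auid=0 uid=107 gid=107
ses=423110 pid=32202 comm="qemu-kvm" exe="/bin/qemu-system-x86_64"
sig=31 arch=c000003e syscall=98 compat=0 ip=0x7f2beba83477 code=0x0
audit: type=1300 audit(1473175350.674:3): arch=c000003e syscall=2 success=yes
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_seccomp_record(text):
    """Decode one type=1326 (AUDIT_SECCOMP) record; None for anything else."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(text)}
    if fields.get("type") != "1326":
        return None
    try:
        arch, nr = int(fields["arch"], 16), int(fields["syscall"])
        sig, pid = int(fields["sig"]), int(fields["pid"])
    except (KeyError, ValueError):
        return None  # truncated or malformed record
    # Syscall numbers are per-architecture: only resolve names for x86_64 here
    table = X86_64_SYSCALLS if arch == 0xC000003E else {}
    return {"comm": fields.get("comm"), "pid": pid, "signal": sig,
            "arch": AUDIT_ARCH.get(arch, hex(arch)), "syscall_nr": nr,
            "syscall": table.get(nr, "unknown(%d)" % nr)}

def denied_syscalls(log_text, allowlist):
    """Syscalls that triggered a seccomp action and are absent from allowlist."""
    denied = []
    for chunk in re.split(r"(?=audit: type=)", log_text):
        rec = parse_seccomp_record(chunk)
        if rec and rec["syscall"] not in allowlist and rec["syscall"] not in denied:
            denied.append(rec["syscall"])
    return denied

if __name__ == "__main__":
    for name in denied_syscalls(SAMPLE_LOG, ALLOWLIST):
        print("not in allowlist:", name)
```

Signal 31 in the record is SIGSYS on x86_64, the signal a seccomp kill action delivers. A syscall number is only meaningful together with the `arch` field, which is why the decoder refuses to name calls for architectures it has no table for.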

Comments

Eduardo Otubo Sept. 13, 2016, 8:12 a.m. UTC | #1
On Wed, Sep 7, 2016 at 9:55 PM, Brian Rak <brak@gameservers.com> wrote:
> --- src_clean/qemu-seccomp.c    2016-09-02 11:34:22.000000000 -0400
> +++ src/qemu-seccomp.c    2016-09-06 11:28:23.189162653 -0400
> @@ -65,6 +65,7 @@
>      { SCMP_SYS(prctl), 245 },
>      { SCMP_SYS(signalfd), 245 },
>      { SCMP_SYS(getrlimit), 245 },
> +    { SCMP_SYS(getrusage), 245 },
>      { SCMP_SYS(set_tid_address), 245 },
>      { SCMP_SYS(statfs), 245 },
>      { SCMP_SYS(unlink), 245 },

Hi,

Care to send a proper commit message, stating the use case, issues, etc?

Thanks,

>
>
> On 9/6/2016 12:43 PM, Eduardo Otubo wrote:
>
> This feature is enabled by default in virt-test/avocado and yes lots of
> people use it.
>
> Please send a patch and I'll merge it.
>
>
> On Tue, Sep 6, 2016, 18:41 Brian Rak <brak@gameservers.com> wrote:
>>
>> I've been testing out 2.7.0 with seccomp support.  Whenever I connect to
>> the VNC console, the process gets killed by the kernel.  dmesg shows:
>>
>> audit: type=1326 audit(1473175350.674:2): auid=0 uid=107 gid=107
>> ses=423110 pid=32202 comm="qemu-kvm" exe="/bin/qemu-system-x86_64"
>> sig=31 arch=c000003e syscall=98 compat=0 ip=0x7f2beba83477 code=0x0
>>
>> syscall 98 appears to be getrusage, which does not appear in
>> qemu-seccomp.c.
>>
>> Is seccomp a supported feature these days?  I'm guessing it does not get
>> a whole lot of use.
>>
>>
>

Patch

--- src_clean/qemu-seccomp.c    2016-09-02 11:34:22.000000000 -0400
+++ src/qemu-seccomp.c    2016-09-06 11:28:23.189162653 -0400
@@ -65,6 +65,7 @@ 
      { SCMP_SYS(prctl), 245 },
      { SCMP_SYS(signalfd), 245 },
      { SCMP_SYS(getrlimit), 245 },
+    { SCMP_SYS(getrusage), 245 },
      { SCMP_SYS(set_tid_address), 245 },
      { SCMP_SYS(statfs), 245 },
      { SCMP_SYS(unlink), 245 },
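
Review bot: the new `{ SCMP_SYS(getrusage), 245 },` line arrives with no commit message, so the reason for widening the filter is not recorded with the change. Please say in the message that connecting to the VNC console on 2.7.0 gets the process killed with sig=31, and include the audit record showing syscall=98 on arch=c000003e. The message should also say whether other calls on the VNC path were checked, since this fix covers only the one call seen in a single kill. Reusing priority 245 from the adjacent getrlimit and set_tid_address entries is consistent with the surrounding table.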