[PULL,01/01] seccomp: add semctl() to the syscall whitelist

Message ID	1408610390-815-2-git-send-email-eduardo.otubo@profitbricks.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Eduardo Otubo <eduardo.otubo@profitbricks.com> To: qemu-devel@nongnu.org Date: Thu, 21 Aug 2014 10:39:50 +0200 Message-Id: <1408610390-815-2-git-send-email-eduardo.otubo@profitbricks.com> In-Reply-To: <1408610390-815-1-git-send-email-eduardo.otubo@profitbricks.com> References: <1408610390-815-1-git-send-email-eduardo.otubo@profitbricks.com> Cc: pmoore@redhat.com, Eduardo Otubo <eduardo.otubo@profitbricks.com> Subject: [Qemu-devel] [PULL 01/01] seccomp: add semctl() to the syscall whitelist Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1408610390-815-2-git-send-email-eduardo.otubo@profitbricks.com

State

New

Headers

From: Eduardo Otubo <eduardo.otubo@profitbricks.com>
To: qemu-devel@nongnu.org
Date: Thu, 21 Aug 2014 10:39:50 +0200
Message-Id: <1408610390-815-2-git-send-email-eduardo.otubo@profitbricks.com>
In-Reply-To: <1408610390-815-1-git-send-email-eduardo.otubo@profitbricks.com>
References: <1408610390-815-1-git-send-email-eduardo.otubo@profitbricks.com>
Cc: pmoore@redhat.com, Eduardo Otubo <eduardo.otubo@profitbricks.com>
Subject: [Qemu-devel] [PULL 01/01] seccomp: add semctl() to the syscall
	whitelist
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Eduardo Otubo Aug. 21, 2014, 8:39 a.m. UTC

From: Paul Moore <pmoore@redhat.com>

QEMU needs to call semctl() for correct operation.  This particular
problem was identified on shutdown with the following commandline:

 # qemu -sandbox on -monitor stdio \
   -device intel-hda -device hda-duplex -vnc :0

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
---
 qemu-seccomp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index ea8094d..0503764 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -230,7 +230,8 @@  static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(timerfd_create), 240 },
     { SCMP_SYS(shmctl), 240 },
     { SCMP_SYS(mlock), 240 },
-    { SCMP_SYS(munlock), 240 }
+    { SCMP_SYS(munlock), 240 },
+    { SCMP_SYS(semctl), 240 }
 };
 
 int seccomp_start(void)

[PULL,01/01] seccomp: add semctl() to the syscall whitelist

Commit Message

Patch