
[Qemu-commits] [qemu/qemu] f73ade: seccomp: whitelist syscalls fallocate


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f73ade: seccomp: whitelist syscalls fallocate(), fadvise64...
Date: Tue, 11 Nov 2014 09:30:06 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: f73adec7097ebdbc7168453e638735391a6f7112
      
https://github.com/qemu/qemu/commit/f73adec7097ebdbc7168453e638735391a6f7112
  Author: Philipp Gesang <address@hidden>
  Date:   2014-11-11 (Tue, 11 Nov 2014)

  Changed paths:
    M qemu-seccomp.c

  Log Message:
  -----------
  seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()

fallocate() is needed for snapshotting. If it isn’t whitelisted

    $ qemu-img create -f qcow2 x.qcow 1G
    Formatting 'x.qcow', fmt=qcow2 size=1073741824 encryption=off cluster_size=65536 lazy_refcounts=off
    $ qemu-kvm -display none -monitor stdio -sandbox on x.qcow
    QEMU 2.1.50 monitor - type 'help' for more information
    (qemu) savevm foo
    (qemu) loadvm foo

will fail, as will subsequent savevm commands on the same image.

fadvise64(), inotify_init1(), inotify_add_watch() are needed by
the SDL display. Without the whitelist entries,

    qemu-kvm -sandbox on

fails immediately.

In my tests fadvise64() is called 50--51 times per VM run. That
number seems independent of the duration of the run. fallocate(),
inotify_init1(), inotify_add_watch() are called once each.
Accordingly, they are added to the whitelist at a very low
priority.

Signed-off-by: Philipp Gesang <address@hidden>
Signed-off-by: Eduardo Otubo <address@hidden>


  Commit: 4cc47f8b3cc4f32586ba2f7fce1dc267da774a69
      
https://github.com/qemu/qemu/commit/4cc47f8b3cc4f32586ba2f7fce1dc267da774a69
  Author: Eduardo Otubo <address@hidden>
  Date:   2014-11-11 (Tue, 11 Nov 2014)

  Changed paths:
    M configure

  Log Message:
  -----------
  seccomp: change configure to avoid arm 32 to break

Current stable version of libseccomp (2.1.1) only supports i386 and
x86_64 archs correctly. This patch limits the usage of the syscall
filter for those archs and updates to the correct last version of
libseccomp.

This patch also fixes the bug:
https://bugs.launchpad.net/qemu/+bug/1363641

Signed-off-by: Eduardo Otubo <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Acked-by: Paul Moore <address@hidden>


  Commit: 7f06a3b14df50d85118d8a7439dcd3229822e19c
      
https://github.com/qemu/qemu/commit/7f06a3b14df50d85118d8a7439dcd3229822e19c
  Author: Peter Maydell <address@hidden>
  Date:   2014-11-11 (Tue, 11 Nov 2014)

  Changed paths:
    M configure
    M qemu-seccomp.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20141111' into staging

seccomp branch queue

# gpg: Signature made Tue 11 Nov 2014 16:12:48 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found

* remotes/otubo/tags/pull-seccomp-20141111:
  seccomp: change configure to avoid arm 32 to break
  seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()

Signed-off-by: Peter Maydell <address@hidden>


  Commit: e0d0041ec6dce1b8bfb3f66e9e4b8b9cd7e34806
      
https://github.com/qemu/qemu/commit/e0d0041ec6dce1b8bfb3f66e9e4b8b9cd7e34806
  Author: Peter Maydell <address@hidden>
  Date:   2014-11-11 (Tue, 11 Nov 2014)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for v2.2.0-rc1 release

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/776346cd63e5...e0d0041ec6dc
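
Added example, not code from QEMU or libseccomp: commit f73ade above places rarely called syscalls at a very low whitelist priority, and this sketch shows what that ordering costs by building a linear seccomp-BPF allowlist sorted by priority and counting the instructions each syscall passes through. The syscall numbers are the x86_64 ones; the priority values, the read() entry and the helper names are assumptions, and the architecture check a real filter needs is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

struct entry { unsigned nr, prio; };
static struct entry allow[] = { /* constructed: x86_64 numbers, illustrative priorities */
    { 285, 1 },  /* fallocate: once per run */
    { 0, 255 },  /* read: assumed hot path, not part of the commit */
    { 221, 10 }, /* fadvise64: 50-51 calls per run */
    { 294, 1 },  /* inotify_init1: once per run */
    { 254, 1 },  /* inotify_add_watch: once per run */
};
#define N (sizeof(allow) / sizeof(allow[0]))

static int cmp(const void *a, const void *b) { /* higher priority first, then lower number */
    const struct entry *x = a, *y = b;
    return x->prio != y->prio ? (x->prio < y->prio ? 1 : -1) : (x->nr > y->nr) - (x->nr < y->nr);
}

/* Layout: load nr; one JEQ per entry in priority order; KILL; ALLOW. */
size_t build_filter(struct sock_filter *f) {
    size_t n = 0;
    qsort(allow, N, sizeof(allow[0]), cmp);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < N; i++) /* jt skips the remaining tests and the KILL */
        f[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allow[i].nr, N - i, 0);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    f[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return n;
}

/* Interprets the three opcodes emitted above; returns instructions executed, or 0 on KILL. */
size_t run_filter(const struct sock_filter *f, size_t len, unsigned nr) {
    unsigned acc = 0;
    for (size_t pc = 0, steps = 1; pc < len; pc++, steps++) {
        if (f[pc].code == (BPF_RET | BPF_K)) return f[pc].k == SECCOMP_RET_ALLOW ? steps : 0;
        if (f[pc].code == (BPF_LD | BPF_W | BPF_ABS)) acc = nr;
        else pc += (acc == f[pc].k) ? f[pc].jt : f[pc].jf;
    }
    return 0;
}

int main(void) {
    struct sock_filter f[N + 3];
    size_t n = build_filter(f);
    for (size_t i = 0; i < N; i++)
        printf("syscall %u allowed after %zu instructions\n", allow[i].nr, run_filter(f, n, allow[i].nr));
}
```

The filter is only built and interpreted in user space here; nothing is installed into the running process.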
