Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist

From:	Dr. David Alan Gilbert
Subject:	Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist
Date:	Fri, 24 Jan 2020 09:51:26 +0000
User-agent:	Mutt/1.13.0 (2019-11-30)

* Florian Weimer (address@hidden) wrote:
> * David Alan Gilbert:
> 
> > +static const int syscall_whitelist[] = {
> > +    /* TODO ireg sem*() syscalls */
> > +    SCMP_SYS(brk),
> > +    SCMP_SYS(capget), /* For CAP_FSETID */
> > +    SCMP_SYS(capset),
> > +    SCMP_SYS(clock_gettime),
> 
> > +    SCMP_SYS(gettimeofday),
> 
> Is this to suppose to work on 32-bit architectures?  Then you need to
> add the time64 system call variants as well.

I've build tested on 32 but not tried running it; I'd added time(2) after
hitting it on a static build but didn't know of time64 (not that it has
a manpage!).

I'll do a follow up to fix it.

Dave

> Thanks,
> Florian
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 044/109] virtiofsd: check input buffer size in fuse_lowlevel.c ops, (continued)
- [PATCH v2 044/109] virtiofsd: check input buffer size in fuse_lowlevel.c ops, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 046/109] virtiofsd: prevent ".." escape in lo_do_readdir(), Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 047/109] virtiofsd: use /proc/self/fd/ O_PATH file descriptor, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 048/109] virtiofsd: sandbox mount namespace, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 049/109] virtiofsd: move to an empty network namespace, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Dr. David Alan Gilbert (git), 2020/01/21
  - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Philippe Mathieu-Daudé, 2020/01/21
    - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Dr. David Alan Gilbert, 2020/01/21
    - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Philippe Mathieu-Daudé, 2020/01/21
  - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Florian Weimer, 2020/01/24
    - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Dr. David Alan Gilbert <=
    - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Dr. David Alan Gilbert, 2020/01/24
    - Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist, Florian Weimer, 2020/01/24
- [PATCH v2 050/109] virtiofsd: move to a new pid namespace, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 052/109] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 053/109] virtiofsd: cap-ng helpers, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 054/109] virtiofsd: Drop CAP_FSETID if client asked for it, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 055/109] virtiofsd: set maximum RLIMIT_NOFILE limit, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 056/109] virtiofsd: fix libfuse information leaks, Dr. David Alan Gilbert (git), 2020/01/21
- [PATCH v2 057/109] docs: Add docs/tools, Dr. David Alan Gilbert (git), 2020/01/21
  - Re: [PATCH v2 057/109] docs: Add docs/tools, Philippe Mathieu-Daudé, 2020/01/22

Prev by Date: Re: Making QEMU easier for management tools and applications
Next by Date: Re: [PATCH v3 4/4] travis.yml: Enable acceptance KVM tests
Previous by thread: Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist
Next by thread: Re: [PATCH v2 051/109] virtiofsd: add seccomp whitelist
Index(es):
- Date
- Thread