[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Virtio-fs] [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitel
|
From: |
German Maglione |
|
Subject: |
Re: [Virtio-fs] [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist |
|
Date: |
Mon, 28 Nov 2022 11:17:11 +0100 |
On Mon, Nov 28, 2022 at 10:00 AM Marc Hartmayer <mhartmay@linux.ibm.com> wrote:
>
> German Maglione <gmaglione@redhat.com> writes:
>
> > On Fri, Nov 25, 2022 at 3:40 PM Marc Hartmayer <mhartmay@linux.ibm.com>
> > wrote:
> >>
> >> The virtiofsd currently crashes on s390x. This is because of a
> >> `sigreturn` system call. See audit log below:
> >>
> >> type=SECCOMP msg=audit(1669382477.611:459): auid=4294967295 uid=0 gid=0
> >> ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 pid=6649
> >> comm="virtiofsd" exe="/usr/libexec/virtiofsd" sig=31 arch=80000016
> >> syscall=119 compat=0 ip=0x3fff15f748a code=0x80000000AUID="unset"
> >> UID="root" GID="root" ARCH=s390x SYSCALL=sigreturn
> >>
> >> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
> >> ---
> >> tools/virtiofsd/passthrough_seccomp.c | 1 +
> >> 1 file changed, 1 insertion(+)
> >>
> >> diff --git a/tools/virtiofsd/passthrough_seccomp.c
> >> b/tools/virtiofsd/passthrough_seccomp.c
> >> index 888295c073de..0033dab4939e 100644
> >> --- a/tools/virtiofsd/passthrough_seccomp.c
> >> +++ b/tools/virtiofsd/passthrough_seccomp.c
> >> @@ -110,6 +110,7 @@ static const int syscall_allowlist[] = {
> >> #endif
> >> SCMP_SYS(set_robust_list),
> >> SCMP_SYS(setxattr),
> >> + SCMP_SYS(sigreturn),
> >> SCMP_SYS(symlinkat),
> >> SCMP_SYS(syncfs),
> >> SCMP_SYS(time), /* Rarely needed, except on static builds */
> >> --
> >> 2.34.1
> >>
> >> _______________________________________________
> >> Virtio-fs mailing list
> >> Virtio-fs@redhat.com
> >> https://listman.redhat.com/mailman/listinfo/virtio-fs
> >>
> >
> > Reviewed-by: German Maglione <gmaglione@redhat.com>
>
> Thanks.
>
> >
> > Should we add this also in the rust version?, I see we don't have it
> > enabled either.
>
> Yep - thanks.
Could you test this MR to see if it is ok?
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/144
Thanks,
--
German
- [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Marc Hartmayer, 2022/11/25
- Re: [Virtio-fs] [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, German Maglione, 2022/11/25
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Stefan Hajnoczi, 2022/11/25
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Dr. David Alan Gilbert, 2022/11/28
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Marc Hartmayer, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Dr. David Alan Gilbert, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Christian Borntraeger, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Christian Borntraeger, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Dr. David Alan Gilbert, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Stefan Hajnoczi, 2022/11/29
- Re: [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist, Marc Hartmayer, 2022/11/29