[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [Qemu-devel] [PATCH] seccomp: add arch_prctl() to the
|
From: |
Paul Moore |
|
Subject: |
Re: [Qemu-stable] [Qemu-devel] [PATCH] seccomp: add arch_prctl() to the syscall whitelist |
|
Date: |
Mon, 29 Jul 2013 18:12:31 -0400 |
|
User-agent: |
KMail/4.10.5 (Linux/3.10.2-gentoo; KDE/4.10.5; x86_64; ; ) |
On Wednesday, July 24, 2013 03:01:57 PM Eduardo Otubo wrote:
> On 07/23/2013 10:57 AM, Paul Moore wrote:
> > On Thursday, July 18, 2013 09:57:03 AM Paul Moore wrote:
> >> It appears that even a very simple /etc/qemu-ifup configuration can
> >>
> >> require the arch_prctl() syscall, see the example below:
> >> #!/bin/sh
> >> /sbin/ifconfig $1 0.0.0.0 up
> >> /usr/sbin/brctl addif <switch> $1
> >>
> >> Signed-off-by: Paul Moore <address@hidden>
> >
> > As with the other fix, a gentle nudge so this isn't forgotten.
>
> Reviewed and tested.
>
> Reviewed-by: Eduardo Otubo <address@hidden>
Any chance of merging this patch?
> >> ---
> >>
> >> qemu-seccomp.c | 3 ++-
> >> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> >> index 173d185..9e91c73 100644
> >> --- a/qemu-seccomp.c
> >> +++ b/qemu-seccomp.c
> >> @@ -234,7 +234,8 @@ static const struct QemuSeccompSyscall
> >> seccomp_whitelist[] = { { SCMP_SYS(waitid), 241 },
> >>
> >> { SCMP_SYS(io_cancel), 241 },
> >> { SCMP_SYS(io_setup), 241 },
> >>
> >> - { SCMP_SYS(io_destroy), 241 }
> >> + { SCMP_SYS(io_destroy), 241 },
> >> + { SCMP_SYS(arch_prctl), 240 }
> >>
> >> };
> >>
> >> int seccomp_start(void)
--
paul moore
security and virtualization @ redhat