thebeanogamer / rpms / qemu-kvm

Forked from rpms/qemu-kvm 5 months ago
Clone
Blob Blame History Raw
From 45031cfb033d0c3941f48acb8c46861f756ab700 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Mon, 27 Jan 2014 21:43:11 +0100
Subject: [PATCH 01/28] seccomp: add mkdir() and fchmod() to the whitelist
RH-Author: Paul Moore <pmoore@redhat.com>
Message-id: <20140127214311.24608.57759.stgit@localhost>
Patchwork-id: 56966
O-Subject: [RHEL7 qemu-kvm PATCH 1/2] seccomp: add mkdir() and fchmod() to the whitelist
Bugzilla: 1026314
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Juan Quintela <quintela@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1026314
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6956172
Upstream: upstream, see commit IDs
Testing: tested, see BZ
seccomp: add mkdir() and fchmod() to the whitelist
The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on
"/run/user/<UID>/pulse" which is currently blocked by the syscall
filter; this patch adds the two missing syscalls to the whitelist.
You can reproduce this problem with the following command:
# qemu -monitor stdio -device intel-hda -device hda-duplex
If watched under strace the following syscalls are shown:
mkdir("/run/user/0/pulse", 0700)
fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse]
Reported-by: xuhan@redhat.com
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
qemu-seccomp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
qemu-seccomp.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index fc48bdd..34a54e4 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -237,7 +237,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(io_cancel), 241 },
{ SCMP_SYS(io_setup), 241 },
{ SCMP_SYS(io_destroy), 241 },
- { SCMP_SYS(arch_prctl), 240 }
+ { SCMP_SYS(arch_prctl), 240 },
+ { SCMP_SYS(mkdir), 240 },
+ { SCMP_SYS(fchmod), 240 }
};
int seccomp_start(void)
--
1.7.1