From e95603940674bdb0d59c58f9a7fac3ea97c56d88 Mon Sep 17 00:00:00 2001 From: Paul Moore <pmoore@redhat.com> Date: Wed, 2 Oct 2013 20:09:33 +0200 Subject: [PATCH 10/25] seccomp: fine tuning whitelist by adding times() RH-Author: Paul Moore <pmoore@redhat.com> Message-id: <20131002200933.4639.16090.stgit@localhost> Patchwork-id: 54645 O-Subject: [RHEL7 qemu-kvm PATCH] seccomp: fine tuning whitelist by adding times() Bugzilla: 1004175 RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com> RH-Acked-by: Bandan Das <bsd@redhat.com> RH-Acked-by: Luiz Capitulino <lcapitulino@redhat.com> Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6362319 Upstream: In QEMU/seccomp maintainer's tree git://github.com/otubo/qemu.git#seccomp Tested: Tested by myself, IBM, and original BZ reporter; see BZ. commit: c236f4519c9838801798f3705c17dce9ab9e3b9d From: Eduardo Otubo <otubo@linux.vnet.ibm.com> Date: 2013-09-04 09:21:12 -0300 seccomp: fine tuning whitelist by adding times() This was causing Qemu process to hang when using -sandbox on as discribed on RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> Tested-by: Paul Moore <pmoore@redhat.com> Acked-by: Paul Moore <pmoore@redhat.com> --- qemu-seccomp.c | 1 + 1 file changed, 1 insertion(+) Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> --- qemu-seccomp.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 9e91c73..ca15f21 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -98,6 +98,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, + { SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- 1.7.1