From 2dc9b654f678a1cfa95a680f31085cdff1e648b2 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Fri, 22 Apr 2016 05:14:07 +0200
Subject: [PATCH 02/10] seccomp: adding sysinfo system call to whitelist
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <1461302047-6677-1-git-send-email-mrezanin@redhat.com>
Patchwork-id: 70221
O-Subject: [RHEL 7.3 qemu-kvm PATCH] seccomp: adding sysinfo system call to whitelist
Bugzilla: 1177318
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
From: Miroslav Rezanina <mrezanin@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1177318
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=10914613
RHEV: BZ 1177309, fixed with 2.6 rebase
Newer versions of the nss-softokn libraries (> 3.16.2.3) use the sysinfo call,
so qemu using an rbd image hangs after start when run in sandbox mode.
To allow using rbd images in sandbox mode we have to whitelist it.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
(cherry picked from commit 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
qemu-seccomp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 5e60fce..e947909 100644
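--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -249,6 +249,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
  { SCMP_SYS(munlock), 240 },
  { SCMP_SYS(semctl), 240 },
  { SCMP_SYS(timerfd_create), 240 },
+ { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)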
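Review bot: The new `{ SCMP_SYS(sysinfo), 240 },` entry has no comment recording why a sandboxed QEMU needs this syscall, so a later audit of the whitelist cannot tie it back to its reason. Add a line above it such as `/* sysinfo: called by nss-softokn > 3.16.2.3, needed for rbd images (BZ 1177318) */`. The entry allows the call for every sandboxed process, not only for configurations using rbd, and the table format visible here offers no way to narrow that. sysinfo only fills a caller-supplied struct with host-wide statistics, so the added exposure looks small, but that judgement belongs in the comment too. The array starts outside the hunk, so whether entries are meant to stay grouped or ordered cannot be checked from here.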
--
1.8.3.1