yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Blame SOURCES/kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch

9ae3a8
From 2dc9b654f678a1cfa95a680f31085cdff1e648b2 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Fri, 22 Apr 2016 05:14:07 +0200
Subject: [PATCH 02/10] seccomp: adding sysinfo system call to whitelist

RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <1461302047-6677-1-git-send-email-mrezanin@redhat.com>
Patchwork-id: 70221
O-Subject: [RHEL 7.3 qemu-kvm PATCH] seccomp: adding sysinfo system call to whitelist
Bugzilla: 1177318
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

From: Miroslav Rezanina <mrezanin@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1177318
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=10914613
RHEV: BZ 1177309, fixed with 2.6 rebase

Newer versions of the nss-softokn libraries (> 3.16.2.3) use the sysinfo call,
so qemu using an rbd image hangs after start when run in sandbox mode.

To allow using rbd images in sandbox mode we have to whitelist it.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
(cherry picked from commit 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 qemu-seccomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 5e60fce..e947909 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -249,6 +249,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(munlock), 240 },
     { SCMP_SYS(semctl), 240 },
     { SCMP_SYS(timerfd_create), 240 },
+    { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)
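Review bot: the new `{ SCMP_SYS(sysinfo), 240 },` entry at the end of `seccomp_whitelist[]` carries no comment recording why it is needed, so a later audit of the table cannot tell which dependency requires it. A one-line comment beside the entry naming nss-softokn (> 3.16.2.3, reached through rbd, per the commit message) would make it possible to revisit or drop the entry when that dependency changes. The entry is also unconditional: every sandboxed qemu process is allowed sysinfo, not only those using rbd images. That is consistent with how the neighboring entries are listed, but the commit message should say so explicitly. The second field, 240, simply copies the adjacent entries; please confirm that is the intended value for a call that is only expected from library initialization.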
-- 
1.8.3.1