From e95603940674bdb0d59c58f9a7fac3ea97c56d88 Mon Sep 17 00:00:00 2001
From: Paul Moore <pmoore@redhat.com>
Date: Wed, 2 Oct 2013 20:09:33 +0200
Subject: [PATCH 10/25] seccomp: fine tuning whitelist by adding times()

RH-Author: Paul Moore <pmoore@redhat.com>
Message-id: <20131002200933.4639.16090.stgit@localhost>
Patchwork-id: 54645
O-Subject: [RHEL7 qemu-kvm PATCH] seccomp: fine tuning whitelist by adding times()
Bugzilla: 1004175
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Bandan Das <bsd@redhat.com>
RH-Acked-by: Luiz Capitulino <lcapitulino@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6362319
Upstream: In QEMU/seccomp maintainer's tree
          git://github.com/otubo/qemu.git#seccomp
Tested: Tested by myself, IBM, and original BZ reporter; see BZ.

	commit: c236f4519c9838801798f3705c17dce9ab9e3b9d
	From: Eduardo Otubo <otubo@linux.vnet.ibm.com>
	Date: 2013-09-04 09:21:12 -0300

	seccomp: fine tuning whitelist by adding times()

	This was causing Qemu process to hang when using -sandbox on as
	described on RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

	Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
	Tested-by: Paul Moore <pmoore@redhat.com>
	Acked-by: Paul Moore <pmoore@redhat.com>
---
 qemu-seccomp.c |    1 +
 1 file changed, 1 insertion(+)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 qemu-seccomp.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 9e91c73..ca15f21 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -98,6 +98,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(getuid), 245 },
     { SCMP_SYS(geteuid), 245 },
     { SCMP_SYS(timer_create), 245 },
+    { SCMP_SYS(times), 245 },
     { SCMP_SYS(exit), 245 },
     { SCMP_SYS(clock_gettime), 245 },
     { SCMP_SYS(time), 245 },
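
Review bot: The new `{ SCMP_SYS(times), 245 },` entry after `timer_create` has nothing that records which QEMU code path or linked library issues times(). The commit message only says that its absence hung the process under -sandbox on. A whitelist grows one syscall at a time, so later audits need to know why each entry exists before they can tighten or drop it. Please name the caller in the commit message or in a short comment beside the entry. The priority value 245 matches the neighbouring entries. If it was copied from them rather than chosen from how often times() is called, say so. The value only affects filter ordering, not what is allowed, so this is a documentation point and does not block the change.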
-- 
1.7.1