From 38a4a6fb83fc002980bda2b47662997181607579 Mon Sep 17 00:00:00 2001

From: Paul Moore <pmoore@redhat.com>

Date: Mon, 27 Jan 2014 21:43:17 +0100

Subject: [PATCH 02/28] seccomp: add some basic shared memory syscalls to the whitelist

RH-Author: Paul Moore <pmoore@redhat.com>

Message-id: <20140127214317.24608.67441.stgit@localhost>

Patchwork-id: 56967

O-Subject: [RHEL7 qemu-kvm PATCH 2/2] seccomp: add some basic shared memory syscalls to the whitelist

Bugzilla: 1026314

RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>

RH-Acked-by: Juan Quintela <quintela@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1026314

Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6956172

Upstream: upstream, see commit IDs

Testing: tested, see BZ

	seccomp: add some basic shared memory syscalls to the whitelist

	PulseAudio requires the use of shared memory so add shmget(), shmat(),

	and shmdt() to the syscall whitelist.

	Reported-by: xuhan@redhat.com

	Signed-off-by: Paul Moore <pmoore@redhat.com>

---

 qemu-seccomp.c |    5 ++++-

 1 file changed, 4 insertions(+), 1 deletion(-)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 qemu-seccomp.c |    5 ++++-

 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c

index 34a54e4..3a2fbed 100644

--- a/qemu-seccomp.c

+++ b/qemu-seccomp.c

@@ -239,7 +239,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {

     { SCMP_SYS(io_destroy), 241 },

     { SCMP_SYS(arch_prctl), 240 },

     { SCMP_SYS(mkdir), 240 },

-    { SCMP_SYS(fchmod), 240 }

+    { SCMP_SYS(fchmod), 240 },

+    { SCMP_SYS(shmget), 240 },

+    { SCMP_SYS(shmat), 240 },

+    { SCMP_SYS(shmdt), 240 }

 };

 int seccomp_start(void)

-- 

1.7.1