From 2dc9b654f678a1cfa95a680f31085cdff1e648b2 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Fri, 22 Apr 2016 05:14:07 +0200 Subject: [PATCH 02/10] seccomp: adding sysinfo system call to whitelist RH-Author: Miroslav Rezanina Message-id: <1461302047-6677-1-git-send-email-mrezanin@redhat.com> Patchwork-id: 70221 O-Subject: [RHEL 7.3 qemu-kvm PATCH] seccomp: adding sysinfo system call to whitelist Bugzilla: 1177318 RH-Acked-by: Thomas Huth RH-Acked-by: Markus Armbruster RH-Acked-by: Stefan Hajnoczi From: Miroslav Rezanina Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1177318 Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=10914613 RHEV: BZ 1177309, fixed with 2.6 rebase Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call so qemu using rbd image hang after start when run in sandbox mode. To allow using rbd images in sandbox mode we have to whitelist it. Signed-off-by: Miroslav Rezanina Acked-by: Eduardo Otubo (cherry picked from commit 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343) Signed-off-by: Miroslav Rezanina --- qemu-seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 5e60fce..e947909 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -249,6 +249,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(munlock), 240 }, { SCMP_SYS(semctl), 240 }, { SCMP_SYS(timerfd_create), 240 }, + { SCMP_SYS(sysinfo), 240 }, }; int seccomp_start(void) -- 1.8.3.1