qemu-devel.nongnu.org archive mirror
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: aliguori@us.ibm.com, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 26/56] seccomp: add the asynchronous I/O syscalls to the whitelist
Date: Tue, 13 Aug 2013 10:10:50 -0500
Message-ID: <1376406680-16302-27-git-send-email-mdroth@linux.vnet.ibm.com>
In-Reply-To: <1376406680-16302-1-git-send-email-mdroth@linux.vnet.ibm.com>

From: Paul Moore <pmoore@redhat.com>

In order to enable the asynchronous I/O functionality when using the
seccomp sandbox we need to add the associated syscalls to the
whitelist.

Signed-off-by: Paul Moore <pmoore@redhat.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Message-id: 20130529203001.20939.83322.stgit@localhost
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fd21faadb12669e24eaf0a277de61c24fcde4cac)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 qemu-seccomp.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 031da1d..ca123bf 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -87,6 +87,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(stat), 245 },
     { SCMP_SYS(uname), 245 },
     { SCMP_SYS(eventfd2), 245 },
+    { SCMP_SYS(io_getevents), 245 },
     { SCMP_SYS(dup), 245 },
     { SCMP_SYS(dup2), 245 },
     { SCMP_SYS(dup3), 245 },
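Review bot: the new io_getevents entry takes the value 245 with no explanation, while the other two AIO syscalls added later in this patch take 241. Neither the table nor the commit message says what the second field means or why io_getevents belongs in the higher group. Please add a short comment above the entry, or a sentence in the commit message, stating the reason (for example, that it is called on every completion poll and the other two only at setup and teardown), so the next person adding a syscall knows which value to pick.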
@@ -229,7 +230,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(sendmmsg), 241 },
     { SCMP_SYS(recvmmsg), 241 },
     { SCMP_SYS(prlimit64), 241 },
-    { SCMP_SYS(waitid), 241 }
+    { SCMP_SYS(waitid), 241 },
+    { SCMP_SYS(io_setup), 241 },
+    { SCMP_SYS(io_destroy), 241 }
 };
 
 int seccomp_start(void)
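Review bot: the tail of the table gains io_setup and io_destroy, and the earlier hunk adds io_getevents, but io_submit and io_cancel do not appear anywhere in this diff. The commit message says "the associated syscalls" without listing them. Please confirm that the submission and cancel calls are already whitelisted elsewhere in the table, or add them here, since a sandboxed guest that can create an AIO context but not submit to it will fail on the first request. Listing the exact syscalls and the tested configuration in the commit message would make this easier to audit. As a smaller point, a trailing comma after the io_destroy entry would let future additions leave the preceding line untouched, unlike the waitid line here.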
-- 
1.7.9.5
