Date: Fri, 2 Nov 2012 00:29:37 -0200
From: Eduardo Otubo
Message-ID: <20121102022936.GC6863@bluepex.com>
References: <1350971732-16621-1-git-send-email-otubo@linux.vnet.ibm.com> <2070927.ckAog9Xh3T@sifl>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <2070927.ckAog9Xh3T@sifl>
Subject: Re: [Qemu-devel] [PATCHv2 1/4] Adding new syscalls (bugzilla 855162)
To: Paul Moore
Cc: aliguori@us.ibm.com, coreyb@linux.vnet.ibm.com, qemu-devel@nongnu.org

On Thu, Nov 01, 2012 at 05:43:03PM -0400, Paul Moore wrote:
> On Tuesday, October 23, 2012 03:55:29 AM Eduardo Otubo wrote:
> > According to the bug 855162[0] - there's the need of adding new syscalls
> > to the whitelist when using Qemu with Libvirt.
> >
> > [0] - https://bugzilla.redhat.com/show_bug.cgi?id=855162
> >
> > v2: Adding new syscalls to the list: readlink, rt_sigpending, and
> > rt_sigtimedwait
> >
> > Reported-by: Paul Moore
> > Signed-off-by: Eduardo Otubo
> > ---
> > qemu-seccomp.c | 13 ++++++++++++-
> > 1 file changed, 12 insertions(+), 1 deletion(-)
>
> I had an opportunity to test this patchset on a F17 machine using QEMU 1.2 and
> unfortunately it still fails. I'm using a relatively basic guest
> configuration running F16, the details are documented in the RH BZ that
> Eduardo mentioned in the patch description.
>
> Eduardo, I assume you are not able to reproduce this?

Unfortunately no. But we have the v3 patchset coming soon with new syscalls and we're hoping to get this fixed.

Thanks for the feedback Paul!

> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 64329a3..a7b33e2 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -45,6 +45,13 @@ static const struct QemuSeccompSyscall > > seccomp_whitelist[] = { { SCMP_SYS(access), 245 }, > > { SCMP_SYS(prctl), 245 }, > > { SCMP_SYS(signalfd), 245 }, > > + { SCMP_SYS(getrlimit), 245 }, > > + { SCMP_SYS(set_tid_address), 245 }, > > + { SCMP_SYS(socketpair), 245 }, > > + { SCMP_SYS(statfs), 245 }, > > + { SCMP_SYS(unlink), 245 }, > > + { SCMP_SYS(wait4), 245 }, > > + { SCMP_SYS(getuid), 245 }, > > #if defined(__i386__) > > { SCMP_SYS(fcntl64), 245 }, > > { SCMP_SYS(fstat64), 245 }, > > @@ -107,7 +114,11 @@ static const struct QemuSeccompSyscall > > seccomp_whitelist[] = { { SCMP_SYS(getsockname), 242 }, > > { SCMP_SYS(getpeername), 242 }, > > { SCMP_SYS(fdatasync), 242 }, > > - { SCMP_SYS(close), 242 } > > + { SCMP_SYS(close), 242 }, > > + { SCMP_SYS(accept4), 242 }, > > + { SCMP_SYS(readlink), 242 }, > > + { SCMP_SYS(rt_sigpending), 242 }, > > + { SCMP_SYS(rt_sigtimedwait), 242 } > > }; > > > > int seccomp_start(void) > -- > paul moore > security and virtualization @ redhat > -- Eduardo Otubo Software Engineer Linux Technology Center IBM Systems & Technology Group
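Review bot: the first hunk (@@ -45,6 +45,13 @@) adds seven entries at priority 245 (getrlimit, set_tid_address, socketpair, statfs, unlink, wait4, getuid) that the patch description never mentions; the v2 note lists only readlink, rt_sigpending and rt_sigtimedwait. Every entry added to seccomp_whitelist[] widens what a compromised QEMU process is still permitted to do (unlink and socketpair in particular), so the description should name each syscall and the libvirt code path or failure from bug 855162 that requires it; otherwise a reviewer cannot tell a necessary addition from an over-broad one.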
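Review bot: in the second hunk (@@ -107,7 +114,11 @@), accept4 is added alongside readlink, rt_sigpending and rt_sigtimedwait but is absent from the v2 description; please list it there. Moving the comma from `{ SCMP_SYS(close), 242 }` onto the new last entry also means every future addition has to rewrite the previous last line; C permits a trailing comma in an initializer list, so ending each entry with `},` (including `{ SCMP_SYS(rt_sigtimedwait), 242 },`) avoids that churn. Since Paul reports the set still fails on F17 with QEMU 1.2, stating how the missing syscalls were identified would let the v3 list be checked the same way.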