From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39369)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1WLZqv-0002F2-Lh
	for qemu-devel@nongnu.org; Thu, 06 Mar 2014 10:04:59 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1WLZqk-0005I3-ML
	for qemu-devel@nongnu.org; Thu, 06 Mar 2014 10:04:53 -0500
Received: from mx1.redhat.com ([209.132.183.28]:46974)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pmoore@redhat.com>) id 1WLZqk-0005Hz-Eq
	for qemu-devel@nongnu.org; Thu, 06 Mar 2014 10:04:42 -0500
From: Paul Moore <pmoore@redhat.com>
Date: Thu, 06 Mar 2014 09:50:17 -0500
Message-ID: <20140306145017.1761.50037.stgit@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] [PATCH] seccomp: add getrusage() to the syscall
 whitelist for Open vSwitch
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, otubo@linux.vnet.ibm.com

When QEMU is used with Open vSwitch it is common to create netdev
script and downscript scripts that use the ovs-vsctl command to manage
the underlying network devices.  Unfortunately, ovs-vsctl calls the
getrusage() syscall which is not currently present in the QEMU/seccomp
whistelist.

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 qemu-seccomp.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index caa926e..86210a4 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -225,7 +225,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(fchmod), 240 },
     { SCMP_SYS(shmget), 240 },
     { SCMP_SYS(shmat), 240 },
-    { SCMP_SYS(shmdt), 240 }
+    { SCMP_SYS(shmdt), 240 },
+    { SCMP_SYS(getrusage), 240 }
 };
 
 int seccomp_start(void)