* [Qemu-devel] [PATCH] seccomp: add semctl() to the syscall whitelist
@ 2014-08-14 17:19 Paul Moore
0 siblings, 0 replies; only message in thread
From: Paul Moore @ 2014-08-14 17:19 UTC (permalink / raw)
To: qemu-devel, Eduardo Otubo
QEMU needs to call semctl() for correct operation. This particular
problem was identified on shutdown with the following commandline:
# qemu -sandbox on -monitor stdio \
-device intel-hda -device hda-duplex -vnc :0
Signed-off-by: Paul Moore <pmoore@redhat.com>
---
qemu-seccomp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index ea8094d..0503764 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -230,7 +230,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(timerfd_create), 240 },
{ SCMP_SYS(shmctl), 240 },
{ SCMP_SYS(mlock), 240 },
- { SCMP_SYS(munlock), 240 }
+ { SCMP_SYS(munlock), 240 },
+ { SCMP_SYS(semctl), 240 }
};
int seccomp_start(void)
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2014-08-14 17:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-14 17:19 [Qemu-devel] [PATCH] seccomp: add semctl() to the syscall whitelist Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).