Date: Fri, 30 Oct 2015 13:35:22 -0500
From: Andrew Jones
Message-ID: <20151030183522.GG8197@hawk.localdomain>
References: <1446212690-7656-1-git-send-email-eduardo.otubo@profitbricks.com>
Subject: Re: [Qemu-devel] [PULL 00/05] seccomp branch queue
To: Peter Maydell
Cc: namnamc@safe-mail.net, Dann Frazier, QEMU Developers, Eduardo Otubo

On Fri, Oct 30, 2015 at 04:30:05PM +0000, Peter Maydell wrote:
> On 30 October 2015 at 13:44, Eduardo Otubo wrote:
> > The following changes since commit c49d3411faae8ffaab8f7e5db47405a008411c10:
> >
> >   Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2015-10-12' into staging (2015-10-13 10:42:06 +0100)
> >
> > are available in the git repository at:
> >
> >   git://github.com/otubo/qemu.git tags/pull-seccomp-20151030
> >
> > for you to fetch changes up to b1e1f0bbe7268d0bb8f63da220b41803b2e54081:
> >
> >   seccomp: loosen library version dependency (2015-10-30 14:33:00 +0100)
> >
> > ----------------------------------------------------------------
> > seccomp branch queue
> >
> > ----------------------------------------------------------------
>
> Hi. I'm afraid this fails to build on x86 Linux:
>
> /home/petmay01/linaro/qemu-for-merges/qemu-seccomp.c:241:8: error:
> ‘__NR_cacheflush’ undeclared here (not in a function)
>    { SCMP_SYS(cacheflush), 240 },

Ugh... Of course we can't have a common seccomp syscall table and different
atleast-versions for different architectures... So x86 only requires 2.1.0,
but libseccomp didn't know about cacheflush until 2.2.1, and we require 2.2.3
for other reasons. Ideally, we'd compose the seccomp syscall table by starting
with a common base (something 2.1.0 knows about) and then add an architecture
specific table, and maybe even a machine-type specific table.
That's pretty easy to do, we just need a list of tables, but as it's a
framework change and will touch many places, then I don't expect it to be a
super quick job... I think in the interim the fix for patch 1/5 of this series
is something like shown below. If there are no objections, then I'll send it.

drew

diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 80d034a8d5190..e76097e958779 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -16,6 +16,10 @@ #include #include "sysemu/seccomp.h" =20 +#if SCMP_VER_MAJOR >=3D 2 && SCMP_VER_MINOR >=3D 2 && SCMP_VER_MICRO >=3D= 3 +#define HAVE_CACHEFLUSH +#endif + struct QemuSeccompSyscall { int32_t num; uint8_t priority; @@ -238,7 +242,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] =3D { { SCMP_SYS(inotify_init1), 240 }, { SCMP_SYS(inotify_add_watch), 240 }, - { SCMP_SYS(mbind), 240 } + { SCMP_SYS(mbind), 240 }, +#ifdef HAVE_CACHEFLUSH + { SCMP_SYS(cacheflush), 240 }, +#endif }; =20 int seccomp_start(void)
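
Review bot: the version test in the first hunk (#if SCMP_VER_MAJOR >= 2 && SCMP_VER_MINOR >= 2 && SCMP_VER_MICRO >= 3) compares each component on its own, so it is false for any release whose minor or micro number is below the threshold even though the version as a whole is newer, for example 2.3.0 or 3.0.0. On such a libseccomp HAVE_CACHEFLUSH stays undefined and the second hunk silently leaves cacheflush out of seccomp_whitelist, which on an architecture that needs the call means the guest is killed by the filter rather than failing at build time. Compare the components in order instead: major > 2, or major == 2 and minor > 2, or major == 2 and minor == 2 and micro >= 3. A short comment next to HAVE_CACHEFLUSH saying why 2.2.3 is the cut-off would also help, since the message above gives 2.2.1 as the release that first knew about cacheflush.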
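
Added example, not part of the original message and not QEMU code: the list-of-tables composition described in the reply above, with the architecture table keyed on whether the kernel headers define __NR_cacheflush. The names rule, filter, add_rule, install_tables, demo_install and arch_rule_count are hypothetical, the filter struct stands in for the libseccomp context, and Linux headers are assumed.

```c
/* Added example, not QEMU code: all names below are hypothetical. Linux only. */
#include <stddef.h>
#include <stdint.h>
#include <sys/syscall.h>

struct rule { int32_t num; uint8_t priority; };
#define END_OF_TABLE { -1, 0 }  /* sentinel, so a table may be empty */

/* Common base: syscalls available on every architecture we build for. */
static const struct rule base_table[] = {
    { __NR_read, 255 }, { __NR_write, 255 }, { __NR_mbind, 240 }, END_OF_TABLE
};

/* Architecture-specific additions, keyed on what the kernel headers define
 * for the build target rather than on the library version. */
static const struct rule arch_table[] = {
#ifdef __NR_cacheflush
    { __NR_cacheflush, 240 },
#endif
    END_OF_TABLE
};

static const struct rule *const all_tables[] = { base_table, arch_table, NULL };

/* Stand-in for the filter: records rules, fails once 'cap' is reached. */
struct filter { int32_t nums[32]; int count, cap; };

int add_rule(struct filter *f, const struct rule *r)
{
    if (f->count >= f->cap)
        return -1;
    f->nums[f->count++] = r->num;
    return 0;
}

/* Walk every table in order. Returns the number of rules added, or -1 on the
 * first failure so the caller never runs with a partially built whitelist. */
int install_tables(const struct rule *const *tables, struct filter *f)
{
    for (; *tables; tables++)
        for (const struct rule *r = *tables; r->num != -1; r++)
            if (add_rule(f, r) < 0)
                return -1;
    return f->count;
}

/* Checking helpers: install with room for 'cap' rules (cap <= 32). */
int demo_install(int cap) { struct filter f = { {0}, 0, cap }; return install_tables(all_tables, &f); }
int arch_rule_count(void) { return (int)(sizeof(arch_table) / sizeof(arch_table[0])) - 1; }
```

On x86 the architecture table contains only its sentinel, so the build no longer depends on __NR_cacheflush being declared there.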