Date: Fri, 1 Apr 2016 10:47:22 +0200
From: Eduardo Otubo
To: Miroslav Rezanina
Cc: qemu-devel@nongnu.org, armbru@redhat.com
Subject: Re: [Qemu-devel] [PATCH] Whitelist sysinfo call
Message-ID: <20160401084722.GB21348@vader>
In-Reply-To: <770111402.12416599.1458562665341.JavaMail.zimbra@redhat.com>
References: <1457343286-16019-1-git-send-email-mrezanin@redhat.com> <20160311085150.GA24308@vader> <770111402.12416599.1458562665341.JavaMail.zimbra@redhat.com>

On Mon, Mar 21, 2016 at 08=17=45AM -0400, Miroslav Rezanina wrote:
>
>
> ----- Original Message -----
> > From: "Eduardo Otubo"
> > To: mrezanin@redhat.com
> > Cc: qemu-devel@nongnu.org, armbru@redhat.com
> > Sent: Friday, March 11, 2016 9:51:50 AM
> > Subject: Re: [Qemu-devel] [PATCH] Whitelist sysinfo call
> >
> > On Mon, Mar 07, 2016 at 10=34=46AM +0100, mrezanin@redhat.com wrote:
> > > From: Miroslav Rezanina
> > >
> > > Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
> > > so qemu using rbd image hang after start when run in sandbox mode.
> > >
> > > To allow using rbd images in sandbox mode we have to whitelist it.
> > >
> > > Signed-off-by: Miroslav Rezanina
> > > ---
> > > qemu-seccomp.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > > > index 2866e3c..e29fca1 100644 > > > --- a/qemu-seccomp.c > > > +++ b/qemu-seccomp.c
> > > @@ -250,6 +250,7 @@ static const struct QemuSeccompSyscall > > > seccomp_whitelist[] =3D { > > > #ifdef HAVE_CACHEFLUSH > > > { SCMP_SYS(cacheflush), 240 }, > > > #endif > > > + { SCMP_SYS(sysinfo), 240 },
> >
> > Are you sure you want to add this syscall to the bottom of the list? Did
> > you estimate the frequency it is called by running strace?
> >
> > Thanks for the patch.
> >
> Hi,
>
> Yes, it wasn't used before nss update and now is used only for rbd based images
> where it is called just few times upon start so drawback should be minimal. With
> this we do not change cost of other calls.
>
> Thanks for review and question,
> Mirek

Ok. So, ACK on this patch. I'll roll out a pull request by the end of the
day. Thanks for the contribution.

--
Eduardo Otubo
ProfitBricks GmbH
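
Review bot: the added `{ SCMP_SYS(sysinfo), 240 },` line after the `#endif` has no comment recording why it is allowed, and because it sits outside any `#ifdef` it applies to every QEMU run in sandbox mode, not only the rbd case the commit message describes. A one-line comment naming the nss-softokn dependency would let a later audit of `seccomp_whitelist[]` tell whether the entry is still needed. The value 240 matches the neighbouring `cacheflush` entry, which is consistent with the few-calls-at-start usage stated in the thread, but that reasoning also lives only in the mail and would be worth a word in the commit message.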