From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46933)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <serge.hallyn@ubuntu.com>) id 1apiJU-0004em-Jq
	for qemu-devel@nongnu.org; Mon, 11 Apr 2016 16:20:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <serge.hallyn@ubuntu.com>) id 1apiJQ-0006Wi-Jt
	for qemu-devel@nongnu.org; Mon, 11 Apr 2016 16:20:00 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:36198)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <serge.hallyn@ubuntu.com>) id 1apiJQ-0006WN-DV
	for qemu-devel@nongnu.org; Mon, 11 Apr 2016 16:19:56 -0400
Date: Mon, 11 Apr 2016 20:19:52 +0000
From: Serge Hallyn <serge.hallyn@ubuntu.com>
Message-ID: <20160411201952.GA5606@ubuntumail>
References: <1457343286-16019-1-git-send-email-mrezanin@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1457343286-16019-1-git-send-email-mrezanin@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] Whitelist sysinfo call
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: mrezanin@redhat.com
Cc: qemu-devel@nongnu.org, armbru@redhat.com

Quoting mrezanin@redhat.com (mrezanin@redhat.com):
> From: Miroslav Rezanina <mrezanin@redhat.com>
> 
> Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
> so qemu using rbd image hang after start when run in sandbox mode.
> 
> To allow using rbd images in sandbox mode we have to whitelist it.
> 
> Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

Thanks.

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

> ---
>  qemu-seccomp.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 2866e3c..e29fca1 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -250,6 +250,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>  #ifdef HAVE_CACHEFLUSH
>      { SCMP_SYS(cacheflush), 240 },
>  #endif
> +    { SCMP_SYS(sysinfo), 240 },
>  };
>  
>  int seccomp_start(void)
> -- 
> 2.5.0
> 
>