From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48513) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1V3vgH-0005zn-ND for qemu-devel@nongnu.org; Mon, 29 Jul 2013 18:12:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1V3vgB-0000IH-O2 for qemu-devel@nongnu.org; Mon, 29 Jul 2013 18:12:41 -0400
From: Paul Moore
Date: Mon, 29 Jul 2013 18:12:31 -0400
Message-ID: <50933690.2TKEEXfQDf@sifl>
In-Reply-To: <51F01695.6070801@linux.vnet.ibm.com>
References: <20130718135703.8247.19213.stgit@localhost> <7859073.tKPvLxPtrm@sifl> <51F01695.6070801@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [Qemu-devel] [PATCH] seccomp: add arch_prctl() to the syscall whitelist
To: qemu-devel@nongnu.org
Cc: coreyb@linux.vnet.ibm.com, qemu-stable@nongnu.org, Eduardo Otubo

On Wednesday, July 24, 2013 03:01:57 PM Eduardo Otubo wrote:
> On 07/23/2013 10:57 AM, Paul Moore wrote:
> > On Thursday, July 18, 2013 09:57:03 AM Paul Moore wrote:
> >> It appears that even a very simple /etc/qemu-ifup configuration can
> >> require the arch_prctl() syscall, see the example below:
> >>
> >> #!/bin/sh
> >> /sbin/ifconfig $1 0.0.0.0 up
> >> /usr/sbin/brctl addif $1
> >>
> >> Signed-off-by: Paul Moore
> >
> > As with the other fix, a gentle nudge so this isn't forgotten.
>
> Reviewed and tested.
>
> Reviewed-by: Eduardo Otubo

Any chance of merging this patch?

> >> ---
> >>
> >> qemu-seccomp.c | 3 ++-
> >> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> >> index 173d185..9e91c73 100644
> >> --- a/qemu-seccomp.c
> >> +++ b/qemu-seccomp.c
> >> @@ -234,7 +234,8 @@ static const struct QemuSeccompSyscall > >> seccomp_whitelist[] = { { SCMP_SYS(waitid), 241 }, > >> > >> { SCMP_SYS(io_cancel), 241 }, > >> { SCMP_SYS(io_setup), 241 }, > >> > >> - { SCMP_SYS(io_destroy), 241 } > >> + { SCMP_SYS(io_destroy), 241 }, > >> + { SCMP_SYS(arch_prctl), 240 } > >> > >> }; > >> > >> int seccomp_start(void) -- paul moore security and virtualization @ redhat
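Review bot: the new `{ SCMP_SYS(arch_prctl), 240 }` entry uses priority 240 while the three neighbouring entries it is appended after (`io_cancel`, `io_setup`, `io_destroy`) all use 241, and neither the hunk nor the commit message says why; either document the reasoning for the lower priority or use 241 to match the surrounding block. The commit message also shows only the /etc/qemu-ifup script and states that it "can require" arch_prctl() without naming which of the invoked programs (the shell, ifconfig or brctl) actually makes the call; since every addition to seccomp_whitelist[] widens the sandbox for the whole QEMU process rather than just the helper script, it would help future maintainers to record which step was observed to fail so the entry can be re-evaluated if that helper changes.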