Message-ID: <51A67048.50300@linux.vnet.ibm.com> Date: Wed, 29 May 2013 17:16:56 -0400
From: Corey Bryant MIME-Version: 1.0 References: <20130529203001.20939.83322.stgit@localhost> In-Reply-To: <20130529203001.20939.83322.stgit@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] seccomp: add the asynchronous I/O syscalls to the whitelist List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Paul Moore Cc: qemu-devel@nongnu.org, otubo@linux.vnet.ibm.com On 05/29/2013 04:30 PM, Paul Moore wrote: > In order to enable the asynchronous I/O functionality when using the > seccomp sandbox we need to add the associated syscalls to the > whitelist. > > Signed-off-by: Paul Moore > --- > qemu-seccomp.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index 031da1d..ca123bf 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -87,6 +87,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(stat), 245 }, > { SCMP_SYS(uname), 245 }, > { SCMP_SYS(eventfd2), 245 }, > + { SCMP_SYS(io_getevents), 245 }, > { SCMP_SYS(dup), 245 }, > { SCMP_SYS(dup2), 245 }, > { SCMP_SYS(dup3), 245 }, > @@ -229,7 +230,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(sendmmsg), 241 }, > { SCMP_SYS(recvmmsg), 241 }, > { SCMP_SYS(prlimit64), 241 }, > - { SCMP_SYS(waitid), 241 } > + { SCMP_SYS(waitid), 241 }, > + { SCMP_SYS(io_setup), 241 }, > + { SCMP_SYS(io_destroy), 241 } > }; > > int seccomp_start(void) > > > Thanks for the patch. It looks good to me and I see these are used by the block aio code. Reviewed-by: Corey Bryant -- Regards, Corey Bryant
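
Review bot: In the first hunk (`@@ -87,6 +87,7 @@`), io_getevents is given the value 245 while the two related calls added in the second hunk get 241, and neither the patch nor the commit message says why they differ. A sentence in the commit message explaining the choice (for example, that io_getevents is called far more often than io_setup and io_destroy, if that is the reason) would let a later reader check that the split is intentional. The commit message would also be easier to audit if it named the three syscalls instead of "the associated syscalls".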
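
Review bot: In the second hunk (`@@ -229,7 +230,9 @@`), io_setup and io_destroy are added, and together with io_getevents from the first hunk that covers creating an AIO context, reaping completions and tearing the context down, but io_submit does not appear in either hunk. Please confirm it is already present elsewhere in seccomp_whitelist[]; if it is not, it needs an entry as well, since requests could not be queued under the sandbox without it. As a style point, ending the last entry with a trailing comma would avoid having to modify the preceding line (here the `waitid` entry) the next time the list grows.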