Message-ID: <51F01695.6070801@linux.vnet.ibm.com>
Date: Wed, 24 Jul 2013 15:01:57 -0300
From: Eduardo Otubo
References: <20130718135703.8247.19213.stgit@localhost> <7859073.tKPvLxPtrm@sifl>
In-Reply-To: <7859073.tKPvLxPtrm@sifl>
Subject: Re: [Qemu-devel] [PATCH] seccomp: add arch_prctl() to the syscall whitelist
To: Paul Moore
Cc: coreyb@linux.vnet.ibm.com, qemu-devel@nongnu.org, qemu-stable@nongnu.org

On 07/23/2013 10:57 AM, Paul Moore wrote:
> On Thursday, July 18, 2013 09:57:03 AM Paul Moore wrote:
>> It appears that even a very simple /etc/qemu-ifup configuration can
>> require the arch_prctl() syscall, see the example below:
>>
>> #!/bin/sh
>> /sbin/ifconfig $1 0.0.0.0 up
>> /usr/sbin/brctl addif $1
>>
>> Signed-off-by: Paul Moore
>
> As with the other fix, a gentle nudge so this isn't forgotten.

Reviewed and tested.

Reviewed-by: Eduardo Otubo

>
>> --- >> qemu-seccomp.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/qemu-seccomp.c b/qemu-seccomp.c >> index 173d185..9e91c73 100644
>> --- a/qemu-seccomp.c >> +++ b/qemu-seccomp.c >> @@ -234,7 +234,8 @@ static const struct QemuSeccompSyscall >> seccomp_whitelist[] = { { SCMP_SYS(waitid), 241 }, >> { SCMP_SYS(io_cancel), 241 }, >> { SCMP_SYS(io_setup), 241 }, >> - { SCMP_SYS(io_destroy), 241 } >> + { SCMP_SYS(io_destroy), 241 }, >> + { SCMP_SYS(arch_prctl), 240 } >> }; >> >> int seccomp_start(void)

--
Eduardo Otubo
IBM Linux Technology Center
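
Review bot: the new `{ SCMP_SYS(arch_prctl), 240 }` entry at the end of seccomp_whitelist[] has no comment saying why it is there, and the commit message ties it only to the /etc/qemu-ifup helper script. A short comment on that line naming the caller would let a later audit of the whitelist tell a deliberate entry from a stale one. The second field is 240 while the neighbouring io_* entries all use 241; the commit message should say whether that difference is intended.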