[Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Eduardo Otubo]

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
---
 qemu-seccomp.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(getuid), 245 },
     { SCMP_SYS(geteuid), 245 },
     { SCMP_SYS(timer_create), 245 },
+    { SCMP_SYS(times), 245 },
     { SCMP_SYS(exit), 245 },
     { SCMP_SYS(clock_gettime), 245 },
     { SCMP_SYS(time), 245 },
-- 
1.7.1

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Corey Bryant]

On 09/04/2013 08:25 AM, Eduardo Otubo wrote:
> This was causing Qemu process to hang when using -sandbox on.
>
> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> ---
>   qemu-seccomp.c |    1 +
>   1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 37d38f8..69cee44 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
>       { SCMP_SYS(getuid), 245 },
>       { SCMP_SYS(geteuid), 245 },
>       { SCMP_SYS(timer_create), 245 },
> +    { SCMP_SYS(times), 245 },
>       { SCMP_SYS(exit), 245 },
>       { SCMP_SYS(clock_gettime), 245 },
>       { SCMP_SYS(time), 245 },
>

Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

-- 
Regards,
Corey Bryant

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paul Moore]

On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> This was causing Qemu process to hang when using -sandbox on.
> 
> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
> 
> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>

Works for me.

Tested-by: Paul Moore <pmoore@redhat.com>

> ---
>  qemu-seccomp.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> index 37d38f8..69cee44 100644
> --- a/qemu-seccomp.c
> +++ b/qemu-seccomp.c
> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
> = { { SCMP_SYS(getuid), 245 },
>      { SCMP_SYS(geteuid), 245 },
>      { SCMP_SYS(timer_create), 245 },
> +    { SCMP_SYS(times), 245 },
>      { SCMP_SYS(exit), 245 },
>      { SCMP_SYS(clock_gettime), 245 },
>      { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Eduardo Otubo]

Hello,

	Any chance to get this patch applied?

Thanks!

On 09/04/2013 11:11 AM, Paul Moore wrote:
> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>> This was causing Qemu process to hang when using -sandbox on.
>>
>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>>
>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>
> Works for me.
>
> Tested-by: Paul Moore <pmoore@redhat.com>
>
>> ---
>>   qemu-seccomp.c |    1 +
>>   1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>> index 37d38f8..69cee44 100644
>> --- a/qemu-seccomp.c
>> +++ b/qemu-seccomp.c
>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
>> = { { SCMP_SYS(getuid), 245 },
>>       { SCMP_SYS(geteuid), 245 },
>>       { SCMP_SYS(timer_create), 245 },
>> +    { SCMP_SYS(times), 245 },
>>       { SCMP_SYS(exit), 245 },
>>       { SCMP_SYS(clock_gettime), 245 },
>>       { SCMP_SYS(time), 245 },
>

-- 
Eduardo Otubo
IBM Linux Technology Center

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paolo Bonzini]

Il 06/09/2013 20:41, Eduardo Otubo ha scritto:
> Hello,
> 
>     Any chance to get this patch applied?
> 
> Thanks!

Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?

Paolo

> On 09/04/2013 11:11 AM, Paul Moore wrote:
>> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>>> This was causing Qemu process to hang when using -sandbox on.
>>>
>>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>>>
>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>
>> Works for me.
>>
>> Tested-by: Paul Moore <pmoore@redhat.com>
>>
>>> ---
>>>   qemu-seccomp.c |    1 +
>>>   1 files changed, 1 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>>> index 37d38f8..69cee44 100644
>>> --- a/qemu-seccomp.c
>>> +++ b/qemu-seccomp.c
>>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
>>> seccomp_whitelist[]
>>> = { { SCMP_SYS(getuid), 245 },
>>>       { SCMP_SYS(geteuid), 245 },
>>>       { SCMP_SYS(timer_create), 245 },
>>> +    { SCMP_SYS(times), 245 },
>>>       { SCMP_SYS(exit), 245 },
>>>       { SCMP_SYS(clock_gettime), 245 },
>>>       { SCMP_SYS(time), 245 },
>>
> 

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paul Moore]

On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:
> Il 06/09/2013 20:41, Eduardo Otubo ha scritto:
> > Hello,
> > 
> >     Any chance to get this patch applied?
> > 
> > Thanks!
> 
> Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?
> 
> Paolo

Out of respect for the work that Eduardo has done, and is continuing to do, 
with the QEMU seccomp filtering, I think Eduardo should be the one to take on 
this role.  If Eduardo declines I'll do ahead and submit a patch adding myself 
to the MAINTAINERS file.

> > On 09/04/2013 11:11 AM, Paul Moore wrote:
> >> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> >>> This was causing Qemu process to hang when using -sandbox on.
> >>> 
> >>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
> >>> 
> >>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> >> 
> >> Works for me.
> >> 
> >> Tested-by: Paul Moore <pmoore@redhat.com>
> >> 
> >>> ---
> >>> 
> >>>   qemu-seccomp.c |    1 +
> >>>   1 files changed, 1 insertions(+), 0 deletions(-)
> >>> 
> >>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> >>> index 37d38f8..69cee44 100644
> >>> --- a/qemu-seccomp.c
> >>> +++ b/qemu-seccomp.c
> >>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
> >>> seccomp_whitelist[]
> >>> = { { SCMP_SYS(getuid), 245 },
> >>> 
> >>>       { SCMP_SYS(geteuid), 245 },
> >>>       { SCMP_SYS(timer_create), 245 },
> >>> 
> >>> +    { SCMP_SYS(times), 245 },
> >>> 
> >>>       { SCMP_SYS(exit), 245 },
> >>>       { SCMP_SYS(clock_gettime), 245 },
> >>>       { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Eduardo Otubo]

On 09/09/2013 09:36 AM, Paul Moore wrote:
> On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:
>> Il 06/09/2013 20:41, Eduardo Otubo ha scritto:
>>> Hello,
>>>
>>>      Any chance to get this patch applied?
>>>
>>> Thanks!
>>
>> Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?
>>
>> Paolo
>
> Out of respect for the work that Eduardo has done, and is continuing to do,
> with the QEMU seccomp filtering, I think Eduardo should be the one to take on
> this role.  If Eduardo declines I'll do ahead and submit a patch adding myself
> to the MAINTAINERS file.

If this is ok for everyone, I would be really glad to take this role to 
myself. Paul, thanks for this vote of confidence. Paolo, should I send a 
patch for MAINTAINERS right away?

Regards,

>
>>> On 09/04/2013 11:11 AM, Paul Moore wrote:
>>>> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>>>>> This was causing Qemu process to hang when using -sandbox on.
>>>>>
>>>>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>>>>>
>>>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>>>
>>>> Works for me.
>>>>
>>>> Tested-by: Paul Moore <pmoore@redhat.com>
>>>>
>>>>> ---
>>>>>
>>>>>    qemu-seccomp.c |    1 +
>>>>>    1 files changed, 1 insertions(+), 0 deletions(-)
>>>>>
>>>>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>>>>> index 37d38f8..69cee44 100644
>>>>> --- a/qemu-seccomp.c
>>>>> +++ b/qemu-seccomp.c
>>>>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
>>>>> seccomp_whitelist[]
>>>>> = { { SCMP_SYS(getuid), 245 },
>>>>>
>>>>>        { SCMP_SYS(geteuid), 245 },
>>>>>        { SCMP_SYS(timer_create), 245 },
>>>>>
>>>>> +    { SCMP_SYS(times), 245 },
>>>>>
>>>>>        { SCMP_SYS(exit), 245 },
>>>>>        { SCMP_SYS(clock_gettime), 245 },
>>>>>        { SCMP_SYS(time), 245 },
>

-- 
Eduardo Otubo
IBM Linux Technology Center

[Qemu-devel] seccomp submaintainer? (was Re: [PATCH] seccomp: adding times() to the whitelist)

[Paolo Bonzini]

Il 09/09/2013 15:20, Eduardo Otubo ha scritto:
>> Out of respect for the work that Eduardo has done, and is
>> continuing to do, with the QEMU seccomp filtering, I think Eduardo
>> should be the one to take on this role. If Eduardo declines I'll do
>> ahead and submit a patch adding myself to the MAINTAINERS file.
>
> If this is ok for everyone, I would be really glad to take this role to
> myself. Paul, thanks for this vote of confidence. Paolo, should I send a
> patch for MAINTAINERS right away?

Ok, I was suggesting Paul because he was the one doing reviews.

Eduardo, that is also okay for me.  However, even as a maintainer please
do wait for Paul's reviews.  Many areas of QEMU have maintainers that do
not send their own patches without a review, so this wouldn't be a new
rule. :)

Please wait for Anthony's ack.  I changed the subject and CCed him to
grab his attention.

Paolo

Re: [Qemu-devel] seccomp submaintainer? (was Re: [PATCH] seccomp: adding times() to the whitelist)

[Paul Moore]

On Monday, September 09, 2013 03:48:09 PM Paolo Bonzini wrote:
> Il 09/09/2013 15:20, Eduardo Otubo ha scritto:
> >> Out of respect for the work that Eduardo has done, and is
> >> continuing to do, with the QEMU seccomp filtering, I think Eduardo
> >> should be the one to take on this role. If Eduardo declines I'll do
> >> ahead and submit a patch adding myself to the MAINTAINERS file.
> > 
> > If this is ok for everyone, I would be really glad to take this role to
> > myself. Paul, thanks for this vote of confidence. Paolo, should I send a
> > patch for MAINTAINERS right away?
> 
> Ok, I was suggesting Paul because he was the one doing reviews.
> 
> Eduardo, that is also okay for me.  However, even as a maintainer please
> do wait for Paul's reviews.  Many areas of QEMU have maintainers that do
> not send their own patches without a review, so this wouldn't be a new
> rule. :)

Okay, with respect to maintainership, I was thinking more along the lines of 
the Linux Kernel where those that do the work get the job; it looks like QEMU 
has a slightly different twist on the idea.  If it makes more sense to the 
QEMU devs you can always add me as a co-maintainer.

Regardless, I do plan on continuing to review/test patches and I don't expect 
that to change in the near future.

> Please wait for Anthony's ack.  I changed the subject and CCed him to
> grab his attention.
> 
> Paolo

-- 
paul moore
security and virtualization @ redhat

Re: [Qemu-devel] seccomp submaintainer? (was Re: [PATCH] seccomp: adding times() to the whitelist)

[Anthony Liguori]

On Mon, Sep 9, 2013 at 8:48 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> Il 09/09/2013 15:20, Eduardo Otubo ha scritto:
>>> Out of respect for the work that Eduardo has done, and is
>>> continuing to do, with the QEMU seccomp filtering, I think Eduardo
>>> should be the one to take on this role. If Eduardo declines I'll do
>>> ahead and submit a patch adding myself to the MAINTAINERS file.
>>
>> If this is ok for everyone, I would be really glad to take this role to
>> myself. Paul, thanks for this vote of confidence. Paolo, should I send a
>> patch for MAINTAINERS right away?
>
> Ok, I was suggesting Paul because he was the one doing reviews.
>
> Eduardo, that is also okay for me.  However, even as a maintainer please
> do wait for Paul's reviews.  Many areas of QEMU have maintainers that do
> not send their own patches without a review, so this wouldn't be a new
> rule. :)
>
> Please wait for Anthony's ack.  I changed the subject and CCed him to
> grab his attention.

Ack.  I think it's a great idea.

Regards,

Anthony Liguori

>
> Paolo

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paul Moore]

On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> > This was causing Qemu process to hang when using -sandbox on.
> > 
> > Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
> > 
> > Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> 
> Works for me.
> 
> Tested-by: Paul Moore <pmoore@redhat.com>

I fear this patch may have been lost in the maintainer discussion - can we 
merge this fix please?

> > ---
> > 
> >  qemu-seccomp.c |    1 +
> >  1 files changed, 1 insertions(+), 0 deletions(-)
> > 
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 37d38f8..69cee44 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
> > 
> >      { SCMP_SYS(geteuid), 245 },
> >      { SCMP_SYS(timer_create), 245 },
> > 
> > +    { SCMP_SYS(times), 245 },
> > 
> >      { SCMP_SYS(exit), 245 },
> >      { SCMP_SYS(clock_gettime), 245 },
> >      { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Eduardo Otubo]

On 09/13/2013 11:45 AM, Paul Moore wrote:
> On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
>> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>>> This was causing Qemu process to hang when using -sandbox on.
>>>
>>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>>>
>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>
>> Works for me.
>>
>> Tested-by: Paul Moore <pmoore@redhat.com>
>
> I fear this patch may have been lost in the maintainer discussion - can we
> merge this fix please?

Just another poke on this patch. Poor little bug 
https://bugzilla.redhat.com/show_bug.cgi?id=1004175 is waiting for a fix.

Thanks.

>
>>> ---
>>>
>>>   qemu-seccomp.c |    1 +
>>>   1 files changed, 1 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>>> index 37d38f8..69cee44 100644
>>> --- a/qemu-seccomp.c
>>> +++ b/qemu-seccomp.c
>>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
>>> seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
>>>
>>>       { SCMP_SYS(geteuid), 245 },
>>>       { SCMP_SYS(timer_create), 245 },
>>>
>>> +    { SCMP_SYS(times), 245 },
>>>
>>>       { SCMP_SYS(exit), 245 },
>>>       { SCMP_SYS(clock_gettime), 245 },
>>>       { SCMP_SYS(time), 245 },
>

-- 
Eduardo Otubo
IBM Linux Technology Center

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paul Moore]

On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> > This was causing Qemu process to hang when using -sandbox on.
> > 
> > Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
> > 
> > Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
> 
> Works for me.
> 
> Tested-by: Paul Moore <pmoore@redhat.com>

Eduardo, perhaps you should just merge this into your tree and send a pull 
request?  This fix should also go into -stable.

Acked-by: Paul Moore <pmoore@redhat.com>

> > ---
> > 
> >  qemu-seccomp.c |    1 +
> >  1 files changed, 1 insertions(+), 0 deletions(-)
> > 
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 37d38f8..69cee44 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
> > 
> >      { SCMP_SYS(geteuid), 245 },
> >      { SCMP_SYS(timer_create), 245 },
> > 
> > +    { SCMP_SYS(times), 245 },
> > 
> >      { SCMP_SYS(exit), 245 },
> >      { SCMP_SYS(clock_gettime), 245 },
> >      { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Anthony Liguori]

[-- Attachment #1: Type: text/plain, Size: 1792 bytes --]

On Mon, Sep 23, 2013 at 2:49 PM, Eduardo Otubo <otubo@linux.vnet.ibm.com>wrote:

>
>
> On 09/13/2013 11:45 AM, Paul Moore wrote:
>
>> On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
>>
>>> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>>>
>>>> This was causing Qemu process to hang when using -sandbox on.
>>>>
>>>> Related RHBZ: https://bugzilla.redhat.com/**show_bug.cgi?id=1004175<https://bugzilla.redhat.com/show_bug.cgi?id=1004175>
>>>>
>>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>>>
>>>
>>> Works for me.
>>>
>>> Tested-by: Paul Moore <pmoore@redhat.com>
>>>
>>
>> I fear this patch may have been lost in the maintainer discussion - can we
>> merge this fix please?
>>
>
> Just another poke on this patch. Poor little bug
> https://bugzilla.redhat.com/**show_bug.cgi?id=1004175<https://bugzilla.redhat.com/show_bug.cgi?id=1004175>is waiting for a fix.
>
> Thanks.



M: Eduardo Otubo <otubo@linux.vnet.ibm.com>
S: Supported
F: qemu-seccomp.c
F: include/sysemu/seccomp.h

You should be sending a pull request Eduardo.

Regards,

Anthony Liguori


>
>
>
>>  ---
>>>>
>>>>   qemu-seccomp.c |    1 +
>>>>   1 files changed, 1 insertions(+), 0 deletions(-)
>>>>
>>>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>>>> index 37d38f8..69cee44 100644
>>>> --- a/qemu-seccomp.c
>>>> +++ b/qemu-seccomp.c
>>>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
>>>> seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
>>>>
>>>>       { SCMP_SYS(geteuid), 245 },
>>>>       { SCMP_SYS(timer_create), 245 },
>>>>
>>>> +    { SCMP_SYS(times), 245 },
>>>>
>>>>       { SCMP_SYS(exit), 245 },
>>>>       { SCMP_SYS(clock_gettime), 245 },
>>>>       { SCMP_SYS(time), 245 },
>>>>
>>>
>>
> --
> Eduardo Otubo
> IBM Linux Technology Center
>
>
>

[-- Attachment #2: Type: text/html, Size: 3524 bytes --]

Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Eduardo Otubo]

On 09/23/2013 04:53 PM, Paul Moore wrote:
> On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
>> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
>>> This was causing Qemu process to hang when using -sandbox on.
>>>
>>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
>>>
>>> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
>>
>> Works for me.
>>
>> Tested-by: Paul Moore <pmoore@redhat.com>
>
> Eduardo, perhaps you should just merge this into your tree and send a pull
> request?  This fix should also go into -stable.

OH you're absolutely right, I'll just do it! Thanks for the heads up, 
forgot I have special powers now.

>
> Acked-by: Paul Moore <pmoore@redhat.com>
>
>>> ---
>>>
>>>   qemu-seccomp.c |    1 +
>>>   1 files changed, 1 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
>>> index 37d38f8..69cee44 100644
>>> --- a/qemu-seccomp.c
>>> +++ b/qemu-seccomp.c
>>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
>>> seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
>>>
>>>       { SCMP_SYS(geteuid), 245 },
>>>       { SCMP_SYS(timer_create), 245 },
>>>
>>> +    { SCMP_SYS(times), 245 },
>>>
>>>       { SCMP_SYS(exit), 245 },
>>>       { SCMP_SYS(clock_gettime), 245 },
>>>       { SCMP_SYS(time), 245 },
>

-- 
Eduardo Otubo
IBM Linux Technology Center