Message-ID: <53173A86.8040206@linux.vnet.ibm.com>
Date: Wed, 05 Mar 2014 11:53:58 -0300
From: Eduardo Otubo
References: <20140226152501.5062.42074.stgit@localhost> <1422240.VnSJ3J12An@sifl>
In-Reply-To: <1422240.VnSJ3J12An@sifl>
Subject: Re: [Qemu-devel] [PATCH] seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
To: Paul Moore , qemu-devel@nongnu.org

On 03/03/2014 05:41 PM, Paul Moore wrote:
> On Wednesday, February 26, 2014 10:25:01 AM Paul Moore wrote:
>> Additional testing reveals that PulseAudio requires shmctl() and the
>> mlock()/munlock() syscalls on some systems/configurations. As before,
>> on systems that do require these syscalls, the problem can be seen with
>> the following command line:
>>
>> # qemu -monitor stdio -sandbox on \
>>     -device intel-hda -device hda-duplex
>>
>> Signed-off-by: Paul Moore
>> --- >> qemu-seccomp.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/qemu-seccomp.c b/qemu-seccomp.c >> index caa926e..3db1e9b 100644 >> --- a/qemu-seccomp.c >> +++ b/qemu-seccomp.c >> @@ -225,7 +225,10 @@ static const struct QemuSeccompSyscall >> seccomp_whitelist[] = { { SCMP_SYS(fchmod), 240 }, >> { SCMP_SYS(shmget), 240 }, >> { SCMP_SYS(shmat), 240 }, >> - { SCMP_SYS(shmdt), 240 } >> + { SCMP_SYS(shmdt), 240 }, >> + { SCMP_SYS(shmctl), 240 }, >> + { SCMP_SYS(mlock), 240 }, >> + { SCMP_SYS(munlock), 240 } >> }; >> >> int seccomp_start(void)
>
> Bump to bring this back to the forefront of everyone's minds. Can we get this
> merged?
>

Sorry for the late review, I've been hit by a terrible tendinitis and
was unable to use a computer for the last week. :(

I ACK this patch and I'll create a pull request by Friday EOD if nothing
else comes up.

--
Eduardo Otubo
IBM Linux Technology Center
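
Review bot: The three new entries at the end of seccomp_whitelist[] (shmctl, mlock, munlock) carry no record of why they are allowed. The commit message says they are needed only by PulseAudio on some systems/configurations, but that reason lives only in the changelog. A short comment above `{ SCMP_SYS(shmctl), 240 },` naming PulseAudio (and the `-device intel-hda -device hda-duplex` reproducer) would let a later audit of the sandbox tell which entries exist for an optional audio backend and could be dropped or made conditional. It would also help to state whether shmctl() is needed for every command or only a subset, since each table entry pairs just the syscall with the same 240 value as the neighbouring shm* entries and expresses no argument restriction.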