Date: Mon, 21 Mar 2016 08:17:45 -0400 (EDT)
From: Miroslav Rezanina
Message-ID: <770111402.12416599.1458562665341.JavaMail.zimbra@redhat.com>
In-Reply-To: <20160311085150.GA24308@vader>
References: <1457343286-16019-1-git-send-email-mrezanin@redhat.com> <20160311085150.GA24308@vader>
Subject: Re: [Qemu-devel] [PATCH] Whitelist sysinfo call
To: Eduardo Otubo
Cc: qemu-devel@nongnu.org, armbru@redhat.com

----- Original Message -----
> From: "Eduardo Otubo"
> To: mrezanin@redhat.com
> Cc: qemu-devel@nongnu.org, armbru@redhat.com
> Sent: Friday, March 11, 2016 9:51:50 AM
> Subject: Re: [Qemu-devel] [PATCH] Whitelist sysinfo call
>
> On Mon, Mar 07, 2016 at 10:34:46AM +0100, mrezanin@redhat.com wrote:
> > From: Miroslav Rezanina
> >
> > Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
> > so qemu using rbd image hang after start when run in sandbox mode.
> >
> > To allow using rbd images in sandbox mode we have to whitelist it.
> >
> > Signed-off-by: Miroslav Rezanina
> > ---
> > qemu-seccomp.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 2866e3c..e29fca1 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -250,6 +250,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] =3D {
> > #ifdef HAVE_CACHEFLUSH
> > { SCMP_SYS(cacheflush), 240 },
> > #endif
> > + { SCMP_SYS(sysinfo), 240 },
>
> Are you sure you want to add this syscall to the bottom of the list? Did
> you estimate the frequency it is called by running strace?
>
> Thanks for the patch.
>

Hi,

Yes, it wasn't used before nss update and now is used only for rbd based images
where it is called just few times upon start so drawback should be minimal.
With this we do not change cost of other calls.

Thanks for review and question,
Mirek

> --
> Eduardo Otubo
> ProfitBricks GmbH
>

--
Miroslav Rezanina
Software Engineer - Virtualization Team
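
Review bot: the added "{ SCMP_SYS(sysinfo), 240 }," entry sits after the "#endif", outside any conditional, and carries no comment, so sysinfo becomes permitted for every QEMU run in sandbox mode, while the commit message ties the need only to rbd images with nss-softokn > 3.16.2.3. Suggest a one-line comment above the entry naming that dependency, so the entry can be revisited if the library stops making the call. The commit message should also record that the call was seen only a few times at startup, since that is the stated reason for placing it at the end of seccomp_whitelist[] with the same 240 value as the cacheflush entry.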