From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59605) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZhVbI-00014a-Br for qemu-devel@nongnu.org; Thu, 01 Oct 2015 00:36:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZhVbD-0008AK-DV for qemu-devel@nongnu.org; Thu, 01 Oct 2015 00:36:12 -0400 Received: from www.safe-mail.net ([212.29.227.230]:44151 helo=tapuz.safe-mail.net) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZhVbD-00089T-5i for qemu-devel@nongnu.org; Thu, 01 Oct 2015 00:36:07 -0400 Date: Thu, 1 Oct 2015 00:36:05 -0400 From: "Namsun Ch'o" Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: [Qemu-devel] [PATCH] Add syscalls for -runas and -chroot to the seccomp sandbox List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: eduardo.otubo@profitbricks.com The seccomp sandbox doesn't whitelist setuid, setgid, or setgroups, which are needed for -runas to work. It also doesn't whitelist chroot, which is needed for the -chroot option. Unfortunately, QEMU enables seccomp before it drops privileges or chroots, so without these whitelisted, -runas and -chroot cause QEMU to be killed with -sandbox on. This patch adds those syscalls. Signed-off-by: Namsun Ch'o --- diff --git a/qemu-seccomp.c b/qemu-seccomp.c index f9de0d3..5cb1809 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -237,7 +237,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(fadvise64), 240 }, { SCMP_SYS(inotify_init1), 240 }, { SCMP_SYS(inotify_add_watch), 240 }, - { SCMP_SYS(mbind), 240 } + { SCMP_SYS(mbind), 240 }, + { SCMP_SYS(setuid), 240 }, + { SCMP_SYS(setgid), 240 }, + { SCMP_SYS(chroot), 240 }, + { SCMP_SYS(setgroups), 240 } }; int seccomp_start(void)
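Review bot: the four entries added at the end of seccomp_whitelist[] (`{ SCMP_SYS(setuid), 240 }`, `{ SCMP_SYS(setgid), 240 }`, `{ SCMP_SYS(chroot), 240 }` and `{ SCMP_SYS(setgroups), 240 }`) are unconditional, so these calls stay permitted for the whole life of the process, including after the privilege drop and in runs where neither -runas nor -chroot was given. The commit message identifies the cause as ordering: the filter is installed before QEMU drops privileges or chroots. Consider moving the privilege drop and chroot ahead of seccomp_start(), or adding these rules only when the corresponding option is set. If neither is practical, say so in the commit message and add a comment above the new entries recording that they exist only for -runas and -chroot, so a later audit of the whitelist does not have to rediscover why identity-changing syscalls are allowed. The 240 priority is copied from the neighbouring entries; since these calls run at most once at startup, it is worth confirming that value is intended for them.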