cryptospore / rpms / qemu-kvm

Blame SOURCES/kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch

From 2dc9b654f678a1cfa95a680f31085cdff1e648b2 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Fri, 22 Apr 2016 05:14:07 +0200
Subject: [PATCH 02/10] seccomp: adding sysinfo system call to whitelist

RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
Message-id: <1461302047-6677-1-git-send-email-mrezanin@redhat.com>
Patchwork-id: 70221
O-Subject: [RHEL 7.3 qemu-kvm PATCH] seccomp: adding sysinfo system call to whitelist
Bugzilla: 1177318
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

From: Miroslav Rezanina <mrezanin@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1177318
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=10914613
RHEV: BZ 1177309, fixed with 2.6 rebase

Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
so qemu using rbd image hang after start when run in sandbox mode.

To allow using rbd images in sandbox mode we have to whitelist it.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
(cherry picked from commit 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 qemu-seccomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 5e60fce..e947909 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -249,6 +249,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(munlock), 240 },
     { SCMP_SYS(semctl), 240 },
     { SCMP_SYS(timerfd_create), 240 },
+    { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)
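
Review bot: the new `{ SCMP_SYS(sysinfo), 240 },` entry at the end of seccomp_whitelist[] has no comment recording why it is there, so the next audit of the sandbox cannot tell which dependency needs it. Add a short comment next to the entry naming the consumer from the commit message (nss-softokn > 3.16.2.3, reached when using rbd images) and the bug number, for example `/* sysinfo: nss-softokn > 3.16.2.3 (rbd), BZ 1177318 */`. Note also that the entry is unconditional: every qemu started in sandbox mode gains sysinfo, not only guests with rbd images. sysinfo only reads system statistics, so the added exposure is small, but the commit message should say that this trade-off was considered. It would also help to state whether the reported hang, rather than a clean failure, is the expected result of a denied syscall in this filter, since that affects how the next missing whitelist entry will show up.
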
-- 
1.8.3.1