From 9fdd545a8f85d68e8f5d04c6d618390712cefcf6 Mon Sep 17 00:00:00 2001 Message-Id: <9fdd545a8f85d68e8f5d04c6d618390712cefcf6.1422041080.git.jen@redhat.com> In-Reply-To: References: From: Paul Moore Date: Wed, 14 Jan 2015 18:52:28 -0500 Subject: [CHANGE 2/4] seccomp: add mbind() to the syscall whitelist To: rhvirt-patches@redhat.com, jen@redhat.com RH-Author: Paul Moore Message-id: <20150114185228.32103.31824.stgit@localhost> Patchwork-id: 63294 O-Subject: [RHEL7 qemu-kvm-rhev PATCH] seccomp: add mbind() to the syscall whitelist Bugzilla: 1172473 RH-Acked-by: Amit Shah RH-Acked-by: Bandan Das RH-Acked-by: Eduardo Habkost RH-Acked-by: Laszlo Ersek The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to set the policy for a memory range. Add the syscall to the seccomp sandbox whitelist. Signed-off-by: Paul Moore Signed-off-by: Eduardo Otubo Acked-by: Eduardo Otubo Tested-by: Eduardo Habkost Reviewed-by: Eduardo Habkost (cherry picked from commit ea259acae5b2d88ee6e92caf1cf44eb501eaef47) Signed-off-by: Jeff E. Nelson Conflicts: qemu-seccomp.c Conflicts due to upstream additions to the syscall whitelist, nothing major. Signed-off-by: Jeff E. Nelson --- qemu-seccomp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 2ccbcb2..4dc18ee 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -232,7 +232,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(mlockall), 240 }, { SCMP_SYS(mlock), 240 }, { SCMP_SYS(munlock), 240 }, - { SCMP_SYS(semctl), 240 } + { SCMP_SYS(semctl), 240 }, + { SCMP_SYS(mbind), 240 } }; int seccomp_start(void) -- 2.1.0