[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] libseccomp: add cacheflush to whitelist
|
From: |
Andrew Jones |
|
Subject: |
[Qemu-devel] [PATCH] libseccomp: add cacheflush to whitelist |
|
Date: |
Wed, 1 Jul 2015 09:12:33 -0400 |
cacheflush is an arm-specific syscall that qemu built for arm
uses. Add it to the whitelist.
Signed-off-by: Andrew Jones <address@hidden>
---
I'm not sure about the priority selection. Maybe cacheflush gets
used frequently enough that it deserves a higher one?
This patch isn't really necessary yet due to ae6e8ef11e6c: "Revert
seccomp tests that allow it to be used on non-x86 architectures",
which we can't revert until libseccomp has released a fix for
arm-specific syscall symbol naming, but when linking to a patched
libseccomp and reverting ae6e8ef11e6c, then this patch allows
guests to boot with '-sandbox on'.
Signed-off-by: Andrew Jones <address@hidden>
---
qemu-seccomp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index f9de0d3390feb..33644a4e3c3d3 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -237,7 +237,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
= {
{ SCMP_SYS(fadvise64), 240 },
{ SCMP_SYS(inotify_init1), 240 },
{ SCMP_SYS(inotify_add_watch), 240 },
- { SCMP_SYS(mbind), 240 }
+ { SCMP_SYS(mbind), 240 },
+ { SCMP_SYS(cacheflush), 240 },
};
int seccomp_start(void)
--
2.1.0
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [PATCH] libseccomp: add cacheflush to whitelist,
Andrew Jones <=