Re: [Virtio-fs] [PATCH] virtiofsd: Add `sigreturn` to the seccomp whitelist

[Marc Hartmayer]

German Maglione <gmaglione@redhat.com> writes:

> On Fri, Nov 25, 2022 at 3:40 PM Marc Hartmayer <mhartmay@linux.ibm.com> wrote:
>>
>> The virtiofsd currently crashes on s390x. This is because of a
>> `sigreturn` system call. See audit log below:
>>
>> type=SECCOMP msg=audit(1669382477.611:459): auid=4294967295 uid=0 gid=0 
>> ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 pid=6649 
>> comm="virtiofsd" exe="/usr/libexec/virtiofsd" sig=31 arch=80000016 
>> syscall=119 compat=0 ip=0x3fff15f748a code=0x80000000AUID="unset" UID="root" 
>> GID="root" ARCH=s390x SYSCALL=sigreturn
>>
>> Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
>> ---
>>  tools/virtiofsd/passthrough_seccomp.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/tools/virtiofsd/passthrough_seccomp.c 
>> b/tools/virtiofsd/passthrough_seccomp.c
>> index 888295c073de..0033dab4939e 100644
>> --- a/tools/virtiofsd/passthrough_seccomp.c
>> +++ b/tools/virtiofsd/passthrough_seccomp.c
>> @@ -110,6 +110,7 @@ static const int syscall_allowlist[] = {
>>  #endif
>>      SCMP_SYS(set_robust_list),
>>      SCMP_SYS(setxattr),
>> +    SCMP_SYS(sigreturn),
>>      SCMP_SYS(symlinkat),
>>      SCMP_SYS(syncfs),
>>      SCMP_SYS(time), /* Rarely needed, except on static builds */
>> --
>> 2.34.1
>>
>> _______________________________________________
>> Virtio-fs mailing list
>> Virtio-fs@redhat.com
>> https://listman.redhat.com/mailman/listinfo/virtio-fs
>>
>
> Reviewed-by:  German Maglione <gmaglione@redhat.com>

Thanks.

>
> Should we add this also in the rust version?, I see we don't have it
> enabled either.

Yep - thanks.

>
> -- 
> German
>
-- 
Kind regards / Beste Grüße
   Marc Hartmayer

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Gregor Pillen 
Geschäftsführung: David Faller
Sitz der Gesellschaft: Böblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294