Commit 1c51e68b authored by Anthony Liguori's avatar Anthony Liguori
Browse files

Merge remote-tracking branch 'otubo/seccomp' into staging 



* otubo/seccomp:
  seccomp: add some basic shared memory syscalls to the whitelist
  seccomp: add mkdir() and fchmod() to the whitelist

Message-id: 1390231004-18392-1-git-send-email-otubo@linux.vnet.ibm.com
Signed-off-by: default avatarAnthony Liguori <aliguori@amazon.com>
parents 7d64b2c2 918b94e2

qemu-seccomp.c

+6 −1
Original line number Diff line number Diff line
@@ -220,7 +220,12 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { 
    { SCMP_SYS(io_cancel), 241 },

    { SCMP_SYS(io_setup), 241 },

    { SCMP_SYS(io_destroy), 241 },

    { SCMP_SYS(arch_prctl), 240 }

    { SCMP_SYS(arch_prctl), 240 },

    { SCMP_SYS(mkdir), 240 },

    { SCMP_SYS(fchmod), 240 },

    { SCMP_SYS(shmget), 240 },

    { SCMP_SYS(shmat), 240 },

    { SCMP_SYS(shmdt), 240 }

};



int seccomp_start(void)