Commit adde0204 authored by Peter Maydell

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20160416' into staging



seccomp branch queue

# gpg: Signature made Sat 16 Apr 2016 19:58:46 BST using RSA key ID 12F8BD2F
# gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC  3FDE FD0C FF5B 12F8 BD2F

* remotes/otubo/tags/pull-seccomp-20160416:
  seccomp: adding sysinfo system call to whitelist
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parents c6c598ca 8e08f8a4
+3 −0
@@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
    i386|x86_64)
        libseccomp_minver="2.1.0"
        ;;
    mips)
        libseccomp_minver="2.2.0"
        ;;
    arm|aarch64)
        libseccomp_minver="2.2.3"
        ;;
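Review bot: The per-architecture minimum versions in this `case` carry no comment, yet the HAVE_CACHEFLUSH check changed in the same merge relies on the `arm|aarch64` floor staying at 2.2.3. I would add a comment above the arms, e.g. `# seccomp filter code assumes arm/aarch64 >= 2.2.3 for cacheflush; keep in sync with HAVE_CACHEFLUSH`, and a short one on the new `mips)` arm saying why 2.2.0 is its floor. The `case` statement starts and ends outside the hunk, so whether every MIPS host name reaches the `mips)` arm cannot be confirmed from here.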
+6 −3
@@ -16,11 +16,13 @@
#include <seccomp.h>
#include "sysemu/seccomp.h"

/* For some architectures (notably ARM) cacheflush is not supported until
 * libseccomp 2.2.3, but configure enforces that we are using a more recent
 * version on those hosts, so it is OK for this check to be less strict.
 */
#if SCMP_VER_MAJOR >= 3
  #define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
  #define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
  #define HAVE_CACHEFLUSH
#endif

@@ -250,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
#ifdef HAVE_CACHEFLUSH
    { SCMP_SYS(cacheflush), 240 },
#endif
    { SCMP_SYS(sysinfo), 240 },
};

int seccomp_start(void)
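Review bot: With the last `#elif` relaxed to `SCMP_VER_MINOR >= 2`, the `SCMP_VER_MINOR >= 3` branch above it is subsumed, so the three branches can become a single `#if SCMP_VER_MAJOR >= 3 || (SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2)`. The new comment makes the filter's correctness on ARM depend on configure alone; a build that bypasses configure with a 2.2.0–2.2.2 header would still compile the `cacheflush` entry, so a compile-time guard for ARM hosts would turn that assumption into a check (the host macro to test is not visible here). In the second hunk, `{ SCMP_SYS(sysinfo), 240 }` widens the allowed syscall set without a comment naming the caller that needs it; a one-line rationale next to the entry would keep the whitelist auditable.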