Commit e2da502c authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/otubo/seccomp' into staging 



* remotes/otubo/seccomp:
  seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
  seccomp: add timerfd_create and timerfd_settime to the whitelist

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 93156cef e3f9bb01

qemu-seccomp.c

+6 −1
Original line number Diff line number Diff line
@@ -143,6 +143,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { 
    { SCMP_SYS(getsockname), 242 },

    { SCMP_SYS(getpeername), 242 },

    { SCMP_SYS(accept4), 242 },

    { SCMP_SYS(timerfd_settime), 242 },

    { SCMP_SYS(newfstatat), 241 },

    { SCMP_SYS(shutdown), 241 },

    { SCMP_SYS(getsockopt), 241 },
@@ -225,7 +226,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { 
    { SCMP_SYS(fchmod), 240 },

    { SCMP_SYS(shmget), 240 },

    { SCMP_SYS(shmat), 240 },

    { SCMP_SYS(shmdt), 240 }

    { SCMP_SYS(shmdt), 240 },

    { SCMP_SYS(timerfd_create), 240 },

    { SCMP_SYS(shmctl), 240 },

    { SCMP_SYS(mlock), 240 },

    { SCMP_SYS(munlock), 240 }

};



int seccomp_start(void)