authorPaul Moore <pmoore@redhat.com>2014-01-15 14:38:51 -0500
committerEduardo Otubo <otubo@linux.vnet.ibm.com>2014-01-20 11:19:29 -0200
commit0c2acb163fbb4579dad2d45595570b0a9ff71149 (patch)
tree4a630be82a06446c29f301b7c9d898c419fec699 /qemu-seccomp.c
parent1cf892ca2689c84960b4ce4d2723b6bee453711c (diff)
seccomp: add mkdir() and fchmod() to the whitelist
The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on "/run/user/<UID>/pulse" which is currently blocked by the syscall filter; this patch adds the two missing syscalls to the whitelist. You can reproduce this problem with the following command: # qemu -monitor stdio -device intel-hda -device hda-duplex If watched under strace the following syscalls are shown: mkdir("/run/user/0/pulse", 0700) fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse] Reported-by: xuhan@redhat.com Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'qemu-seccomp.c')
-rw-r--r--qemu-seccomp.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index b7c125364c..89f244fcb2 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -220,7 +220,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(io_cancel), 241 },
{ SCMP_SYS(io_setup), 241 },
{ SCMP_SYS(io_destroy), 241 },
- { SCMP_SYS(arch_prctl), 240 }
+ { SCMP_SYS(arch_prctl), 240 },
+ { SCMP_SYS(mkdir), 240 },
+ { SCMP_SYS(fchmod), 240 }
};
int seccomp_start(void)
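Review bot: The new `mkdir` and `fchmod` entries at the end of `seccomp_whitelist` carry no comment tying them to the PulseAudio client, so a later audit of the table cannot tell which feature needs them or when they can be dropped. Each entry visible here holds only a syscall and a priority value, so both calls appear to be allowed for every QEMU configuration and for any path or mode, not only for `/run/user/<UID>/pulse`; that widens what a process already confined by the filter can do to the filesystem. I would add a comment above the two lines, for example `/* mkdir, fchmod: PulseAudio client creates /run/user/<UID>/pulse */`. Whether the rules could be narrowed (for instance, installed only when an audio backend is in use) depends on `seccomp_start()`, whose body lies outside this hunk.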