Merge remote-tracking branch 'otubo/seccomp' into staging

* otubo/seccomp: seccomp: add some basic shared memory syscalls to the whitelist seccomp: add mkdir() and fchmod() to the whitelist Message-id: 1390231004-18392-1-git-send-email-otubo@linux.vnet.ibm.com Signed-off-by: Anthony Liguori <aliguori@amazon.com>
author: Anthony Liguori <aliguori@amazon.com> 2014-01-24 15:52:16 -0800
committer: Anthony Liguori <aliguori@amazon.com> 2014-01-24 15:52:16 -0800
commit: 1c51e68b182bb335464bb19ad2517fd43c58c127 (patch)
tree: 332596bca133ed8b719d25aeeca47ac927fb651a
parent: 7d64b2c2e22d956b358a97323f0d70060dcd9a06 (diff)
parent: 918b94e2873cd5fe8aef06d269b4a4c7d0832ce7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index b7c125364c..caa926ebf2 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -220,7 +220,12 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(io_cancel), 241 },
     { SCMP_SYS(io_setup), 241 },
     { SCMP_SYS(io_destroy), 241 },
-    { SCMP_SYS(arch_prctl), 240 }
+    { SCMP_SYS(arch_prctl), 240 },
+    { SCMP_SYS(mkdir), 240 },
+    { SCMP_SYS(fchmod), 240 },
+    { SCMP_SYS(shmget), 240 },
+    { SCMP_SYS(shmat), 240 },
+    { SCMP_SYS(shmdt), 240 }
 };
 
 int seccomp_start(void)
author	Anthony Liguori <aliguori@amazon.com>	2014-01-24 15:52:16 -0800
committer	Anthony Liguori <aliguori@amazon.com>	2014-01-24 15:52:16 -0800
commit	1c51e68b182bb335464bb19ad2517fd43c58c127 (patch)
tree	332596bca133ed8b719d25aeeca47ac927fb651a
parent	7d64b2c2e22d956b358a97323f0d70060dcd9a06 (diff)
parent	918b94e2873cd5fe8aef06d269b4a4c7d0832ce7 (diff)