seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist

Additional testing reveals that PulseAudio requires shmctl() and the mlock()/munlock() syscalls on some systems/configurations. As before, on systems that do require these syscalls, the problem can be seen with the following command line: # qemu -monitor stdio -sandbox on \ -device intel-hda -device hda-duplex Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
author: Paul Moore <pmoore@redhat.com> 2014-02-26 10:25:01 -0500
committer: Eduardo Otubo <otubo@linux.vnet.ibm.com> 2014-04-25 14:52:03 -0300
commit: e3f9bb011ae24a594310fa4917754945dc832f8f (patch)
tree: 057e5123b92cf43787bf5d81acc5daadc2cf3fb3
parent: 84397618529f920bea45d0bab22ec097766244fc (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 46554bda4b..ea8094d043 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -227,7 +227,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(shmget), 240 },
     { SCMP_SYS(shmat), 240 },
     { SCMP_SYS(shmdt), 240 },
-    { SCMP_SYS(timerfd_create), 240 }
+    { SCMP_SYS(timerfd_create), 240 },
+    { SCMP_SYS(shmctl), 240 },
+    { SCMP_SYS(mlock), 240 },
+    { SCMP_SYS(munlock), 240 }
 };
 
 int seccomp_start(void)
author	Paul Moore <pmoore@redhat.com>	2014-02-26 10:25:01 -0500
committer	Eduardo Otubo <otubo@linux.vnet.ibm.com>	2014-04-25 14:52:03 -0300
commit	e3f9bb011ae24a594310fa4917754945dc832f8f (patch)
tree	057e5123b92cf43787bf5d81acc5daadc2cf3fb3
parent	84397618529f920bea45d0bab22ec097766244fc (diff)