seccomp: adding sysinfo system call to whitelist

Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call so qemu using rbd image hang after start when run in sandbox mode. To allow using rbd images in sandbox mode we have to whitelist it. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
author: Miroslav Rezanina <mrezanin@redhat.com> 2016-03-07 10:34:46 +0100
committer: Eduardo Otubo <eduardo.otubo@profitbricks.com> 2016-04-16 20:27:44 +0200
commit: 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343 (patch)
tree: e72f7341492296b2dd93160ae57bab4ca0ec6917
parent: 81bed73b5395c4c17dee6efebd44dd34b8f40d99 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 138ee022a8..cb569dc058 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -252,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 #ifdef HAVE_CACHEFLUSH
     { SCMP_SYS(cacheflush), 240 },
 #endif
+    { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)
author	Miroslav Rezanina <mrezanin@redhat.com>	2016-03-07 10:34:46 +0100
committer	Eduardo Otubo <eduardo.otubo@profitbricks.com>	2016-04-16 20:27:44 +0200
commit	8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343 (patch)
tree	e72f7341492296b2dd93160ae57bab4ca0ec6917
parent	81bed73b5395c4c17dee6efebd44dd34b8f40d99 (diff)