seccomp: add arch_prctl() to the syscall whitelist

It appears that even a very simple /etc/qemu-ifup configuration can require the arch_prctl() syscall, see the example below: #!/bin/sh /sbin/ifconfig $1 0.0.0.0 up /usr/sbin/brctl addif <switch> $1 Signed-off-by: Paul Moore <pmoore@redhat.com> Reviewed-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> Message-id: 20130718135703.8247.19213.stgit@localhost Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
author: Paul Moore <pmoore@redhat.com> 2013-07-18 09:57:03 -0400
committer: Anthony Liguori <aliguori@us.ibm.com> 2013-07-29 19:56:52 -0500
commit: d2509b667caf482b6f827ff2645cbeb9b39ce29e (patch)
tree: b5380be92618b3729ae7752fbfd91b9b7d1c09ac /qemu-seccomp.c
parent: 94113bd8a1d9acd05a879bc309cc659ace09e287 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d2f51c51d..37d38f881c 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -217,7 +217,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(waitid), 241 },
     { SCMP_SYS(io_cancel), 241 },
     { SCMP_SYS(io_setup), 241 },
-    { SCMP_SYS(io_destroy), 241 }
+    { SCMP_SYS(io_destroy), 241 },
+    { SCMP_SYS(arch_prctl), 240 }
 };
 
 int seccomp_start(void)
author	Paul Moore <pmoore@redhat.com>	2013-07-18 09:57:03 -0400
committer	Anthony Liguori <aliguori@us.ibm.com>	2013-07-29 19:56:52 -0500
commit	d2509b667caf482b6f827ff2645cbeb9b39ce29e (patch)
tree	b5380be92618b3729ae7752fbfd91b9b7d1c09ac /qemu-seccomp.c
parent	94113bd8a1d9acd05a879bc309cc659ace09e287 (diff)