diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-07-12 14:59:28 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-07-12 14:59:28 +0100 |
| commit | 7fdf16e1148a6133c5dee38140d75b0c9b96fa00 (patch) | |
| tree | 857e029ed5c80496b5f0ac0b7ace11329862192b | |
| parent | ff82d3c73ec20d6f40e8bbfafe8ed5110bba5049 (diff) | |
| parent | 056de1e894155fbb99e7b43c1c4382d4920cf437 (diff) | |
Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20180712' into staging
pull-seccomp-20180712
# gpg: Signature made Thu 12 Jul 2018 13:55:34 BST
# gpg: using RSA key DF32E7C0F0FFF9A2
# gpg: Good signature from "Eduardo Otubo (Senior Software Engineer) <otubo@redhat.com>"
# Primary key fingerprint: D67E 1B50 9374 86B4 0723 DBAB DF32 E7C0 F0FF F9A2
* remotes/otubo/tags/pull-seccomp-20180712:
seccomp: allow sched_setscheduler() with SCHED_IDLE policy
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | qemu-seccomp.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 148e4c6f24..9cd8eb9499 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -34,6 +34,12 @@ struct QemuSeccompSyscall { int32_t num; uint8_t set; + uint8_t narg; + const struct scmp_arg_cmp *arg_cmp; +}; + +const struct scmp_arg_cmp sched_setscheduler_arg[] = { + SCMP_A1(SCMP_CMP_NE, SCHED_IDLE) }; static const struct QemuSeccompSyscall blacklist[] = { @@ -92,7 +98,8 @@ static const struct QemuSeccompSyscall blacklist[] = { { SCMP_SYS(setpriority), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_setparam), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_getparam), QEMU_SECCOMP_SET_RESOURCECTL }, - { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL }, + { SCMP_SYS(sched_setscheduler), QEMU_SECCOMP_SET_RESOURCECTL, + ARRAY_SIZE(sched_setscheduler_arg), sched_setscheduler_arg }, { SCMP_SYS(sched_getscheduler), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_setaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, { SCMP_SYS(sched_getaffinity), QEMU_SECCOMP_SET_RESOURCECTL }, @@ -118,7 +125,8 @@ static int seccomp_start(uint32_t seccomp_opts) continue; } - rc = seccomp_rule_add(ctx, SCMP_ACT_KILL, blacklist[i].num, 0); + rc = seccomp_rule_add_array(ctx, SCMP_ACT_KILL, blacklist[i].num, + blacklist[i].narg, blacklist[i].arg_cmp); if (rc < 0) { goto seccomp_return; } |