aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEduardo Otubo <eduardo.otubo@profitbricks.com>2016-09-21 11:09:22 +0200
committerEduardo Otubo <eduardo.otubo@profitbricks.com>2016-09-21 11:26:02 +0200
commitcf9dc9e4807464a9d0b3d7368b818323e14921eb (patch)
tree61741f0163d0908a2ecdbf987c09773ae4bf1aba
parenta008535b9fa396226ff9cf78b8ac5f3584bda58e (diff)
seccomp: adding getrusage to the whitelist
getrusage is used in a number of places throughout the qemu codebase (notably, in crypto/pbkdf.c). Without this syscall being whitelisted, qemu ends up getting killed by the kernel whenever you try to connect to a VNC console. Signed-off-by: Brian Rak <brak@gameservers.com> Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
-rw-r--r--qemu-seccomp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index cb569dc058..df75d9c471 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -65,6 +65,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(prctl), 245 },
{ SCMP_SYS(signalfd), 245 },
{ SCMP_SYS(getrlimit), 245 },
+ { SCMP_SYS(getrusage), 245 },
{ SCMP_SYS(set_tid_address), 245 },
{ SCMP_SYS(statfs), 245 },
{ SCMP_SYS(unlink), 245 },