aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiroslav Rezanina <mrezanin@redhat.com>2016-03-07 10:34:46 +0100
committerEduardo Otubo <eduardo.otubo@profitbricks.com>2016-04-16 20:27:44 +0200
commit8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343 (patch)
treee72f7341492296b2dd93160ae57bab4ca0ec6917
parent81bed73b5395c4c17dee6efebd44dd34b8f40d99 (diff)
seccomp: adding sysinfo system call to whitelist
Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call so qemu using rbd image hang after start when run in sandbox mode. To allow using rbd images in sandbox mode we have to whitelist it. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
-rw-r--r--qemu-seccomp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 138ee022a8..cb569dc058 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -252,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
#ifdef HAVE_CACHEFLUSH
{ SCMP_SYS(cacheflush), 240 },
#endif
+ { SCMP_SYS(sysinfo), 240 },
};
int seccomp_start(void)