diff options
author | Miroslav Rezanina <mrezanin@redhat.com> | 2016-03-07 10:34:46 +0100 |
---|---|---|
committer | Eduardo Otubo <eduardo.otubo@profitbricks.com> | 2016-04-16 20:27:44 +0200 |
commit | 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343 (patch) | |
tree | e72f7341492296b2dd93160ae57bab4ca0ec6917 | |
parent | 81bed73b5395c4c17dee6efebd44dd34b8f40d99 (diff) |
seccomp: adding sysinfo system call to whitelist
Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
so qemu using rbd image hang after start when run in sandbox mode.
To allow using rbd images in sandbox mode we have to whitelist it.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
-rw-r--r-- | qemu-seccomp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 138ee022a8..cb569dc058 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -252,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { #ifdef HAVE_CACHEFLUSH { SCMP_SYS(cacheflush), 240 }, #endif + { SCMP_SYS(sysinfo), 240 }, }; int seccomp_start(void) |