diff options
author | Andrew Jones <drjones@redhat.com> | 2015-11-02 23:53:26 +0100 |
---|---|---|
committer | Eduardo Otubo <eduardo.otubo@profitbricks.com> | 2015-11-16 09:48:53 +0100 |
commit | 47d2067af3424c1a9b1b215dfc6b0c55ac4b3ee7 (patch) | |
tree | 36cfd55df988407d255c678b375047c5597d0f49 | |
parent | 8337c6cbc37c6b2184f41bab3eaff47d5e68012a (diff) |
seccomp: add cacheflush to whitelist
cacheflush is an arm-specific syscall that qemu built for arm
uses. Add it to the whitelist, but only if we're linking with
a recent enough libseccomp.
Signed-off-by: Andrew Jones <drjones@redhat.com>
-rw-r--r-- | qemu-seccomp.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 80d034a8d5..c831fe83ad 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -16,6 +16,14 @@ #include <seccomp.h> #include "sysemu/seccomp.h" +#if SCMP_VER_MAJOR >= 3 + #define HAVE_CACHEFLUSH +#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3 + #define HAVE_CACHEFLUSH +#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3 + #define HAVE_CACHEFLUSH +#endif + struct QemuSeccompSyscall { int32_t num; uint8_t priority; @@ -238,7 +246,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(inotify_init1), 240 }, { SCMP_SYS(inotify_add_watch), 240 }, { SCMP_SYS(mbind), 240 }, - { SCMP_SYS(memfd_create), 240 } + { SCMP_SYS(memfd_create), 240 }, +#ifdef HAVE_CACHEFLUSH + { SCMP_SYS(cacheflush), 240 }, +#endif }; int seccomp_start(void) |