aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Jones <drjones@redhat.com>2015-11-02 23:53:26 +0100
committerEduardo Otubo <eduardo.otubo@profitbricks.com>2015-11-16 09:48:53 +0100
commit47d2067af3424c1a9b1b215dfc6b0c55ac4b3ee7 (patch)
tree36cfd55df988407d255c678b375047c5597d0f49
parent8337c6cbc37c6b2184f41bab3eaff47d5e68012a (diff)
seccomp: add cacheflush to whitelist
cacheflush is an arm-specific syscall that qemu built for arm uses. Add it to the whitelist, but only if we're linking with a recent enough libseccomp. Signed-off-by: Andrew Jones <drjones@redhat.com>
-rw-r--r--qemu-seccomp.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 80d034a8d5..c831fe83ad 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -16,6 +16,14 @@
#include <seccomp.h>
#include "sysemu/seccomp.h"
+#if SCMP_VER_MAJOR >= 3
+ #define HAVE_CACHEFLUSH
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
+ #define HAVE_CACHEFLUSH
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
+ #define HAVE_CACHEFLUSH
+#endif
+
struct QemuSeccompSyscall {
int32_t num;
uint8_t priority;
@@ -238,7 +246,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(inotify_init1), 240 },
{ SCMP_SYS(inotify_add_watch), 240 },
{ SCMP_SYS(mbind), 240 },
- { SCMP_SYS(memfd_create), 240 }
+ { SCMP_SYS(memfd_create), 240 },
+#ifdef HAVE_CACHEFLUSH
+ { SCMP_SYS(cacheflush), 240 },
+#endif
};
int seccomp_start(void)