authorPaul Moore <pmoore@redhat.com>2014-12-17 15:50:09 -0500
committerEduardo Otubo <eduardo.otubo@profitbricks.com>2015-01-05 18:13:38 +0100
commitea259acae5b2d88ee6e92caf1cf44eb501eaef47 (patch)
tree2528f5ad79dce968699b1930deb99f8f853a10b5 /qemu-seccomp.c
parentaa49668cc3cc680187e9e9b1d2eb8d64d72bff3e (diff)
seccomp: add mbind() to the syscall whitelist
The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to set the policy for a memory range. Add the syscall to the seccomp sandbox whitelist. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com> Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com> Tested-by: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
Diffstat (limited to 'qemu-seccomp.c')
-rw-r--r--qemu-seccomp.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index af6a375127..b0c626984f 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -235,7 +235,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(fallocate), 240 },
{ SCMP_SYS(fadvise64), 240 },
{ SCMP_SYS(inotify_init1), 240 },
- { SCMP_SYS(inotify_add_watch), 240 }
+ { SCMP_SYS(inotify_add_watch), 240 },
+ { SCMP_SYS(mbind), 240 }
};
int seccomp_start(void)
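Review bot: The new `{ SCMP_SYS(mbind), 240 }` entry has no comment recording why the sandbox must allow it, so a later audit of `seccomp_whitelist[]` cannot tell from the file that it is there for the memory-backend-ram object's memory policy. I would add `/* mbind(2): memory policy for memory-backend-ram */` above the entry. As far as the visible entries show, each one names only a syscall and the value 240, so the allowance appears to cover every argument combination and every QEMU configuration, whether or not that backend is in use; if that is intended, the comment should say so. Ending the last entry with a comma, `{ SCMP_SYS(mbind), 240 },`, would keep the next addition from rewriting this line the way this change had to rewrite the `inotify_add_watch` line. The array begins above the hunk, so the rest of the table is not visible here.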