Re: [Qemu-devel] [PATCHv2 1/4] Adding new syscalls (bugzilla 855162)

[Corey Bryant]

On 11/01/2012 05:43 PM, Paul Moore wrote:
> On Tuesday, October 23, 2012 03:55:29 AM Eduardo Otubo wrote:
> > According to the bug 855162[0] - there's the need of adding new syscalls
> > to the whitelist whenn using Qemu with Libvirt.
> >
> > [0] - https://bugzilla.redhat.com/show_bug.cgi?id=855162
> >
> > v2: Adding new syscalls to the list: readlink, rt_sigpending, and
> >      rt_sigtimedwait
> >
> > Reported-by: Paul Moore <address@hidden>
> > Signed-off-by: Eduardo Otubo <address@hidden>
> > ---
> >   qemu-seccomp.c | 13 ++++++++++++-
> >   1 file changed, 12 insertions(+), 1 deletion(-)
>
> I had an opportunity to test this patchset on a F17 machine using QEMU 1.2 and
> unfortunately it still fails.  I'm using a relatively basic guest
> configuration running F16, the details are documented in the RH BZ that
> Eduardo mentioned in the patch description.

Paul, Here's the latest diff for the whitelist.  We're looking to get 
the patches out in the next few days after a bit more testing.

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 64329a3..81aaf74 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -45,6 +45,12 @@ static const struct QemuSeccompSyscall 
seccomp_whitelist[] = {
     { SCMP_SYS(access), 245 },
     { SCMP_SYS(prctl), 245 },
     { SCMP_SYS(signalfd), 245 },
+    { SCMP_SYS(getrlimit), 245 },
+    { SCMP_SYS(set_tid_address), 245 },
+    { SCMP_SYS(socketpair), 245 },
+    { SCMP_SYS(statfs), 245 },
+    { SCMP_SYS(unlink), 245 },
+    { SCMP_SYS(wait4), 245 },
 #if defined(__i386__)
     { SCMP_SYS(fcntl64), 245 },
     { SCMP_SYS(fstat64), 245 },
@@ -59,6 +65,8 @@ static const struct QemuSeccompSyscall 
seccomp_whitelist[] = {
     { SCMP_SYS(mmap2), 245},
     { SCMP_SYS(sigprocmask), 245 },
 #elif defined(__x86_64__)
+    { SCMP_SYS(semget), 245},
+#endif
     { SCMP_SYS(sched_getparam), 245},
     { SCMP_SYS(sched_getscheduler), 245},
     { SCMP_SYS(fstat), 245},
@@ -69,11 +77,15 @@ static const struct QemuSeccompSyscall 
seccomp_whitelist[] = {
     { SCMP_SYS(socket), 245},
     { SCMP_SYS(setsockopt), 245},
     { SCMP_SYS(uname), 245},
-    { SCMP_SYS(semget), 245},
-#endif
     { SCMP_SYS(eventfd2), 245 },
     { SCMP_SYS(dup), 245 },
+    { SCMP_SYS(dup2), 245 },
+    { SCMP_SYS(dup3), 245 },
     { SCMP_SYS(gettid), 245 },
+    { SCMP_SYS(getgid), 245 },
+    { SCMP_SYS(getegid), 245 },
+    { SCMP_SYS(getuid), 245 },
+    { SCMP_SYS(geteuid), 245 },
     { SCMP_SYS(timer_create), 245 },
     { SCMP_SYS(exit), 245 },
     { SCMP_SYS(clock_gettime), 245 },
@@ -107,7 +119,22 @@ static const struct QemuSeccompSyscall 
seccomp_whitelist[] = {
     { SCMP_SYS(getsockname), 242 },
     { SCMP_SYS(getpeername), 242 },
     { SCMP_SYS(fdatasync), 242 },
-    { SCMP_SYS(close), 242 }
+    { SCMP_SYS(close), 242 },
+    { SCMP_SYS(accept4), 242 },
+    { SCMP_SYS(rt_sigpending), 242 },
+    { SCMP_SYS(rt_sigtimedwait), 242 },
+    { SCMP_SYS(readv), 242 },
+    { SCMP_SYS(writev), 242 },
+    { SCMP_SYS(preadv), 242 },
+    { SCMP_SYS(pwritev), 242 },
+    { SCMP_SYS(setrlimit), 242 },
+    { SCMP_SYS(ftruncate), 242 },
+    { SCMP_SYS(lstat), 242 },
+    { SCMP_SYS(pipe), 242 },
+    { SCMP_SYS(umask), 242 },
+    { SCMP_SYS(chdir), 242 },
+    { SCMP_SYS(setitimer), 242 },
+    { SCMP_SYS(setsid), 242 }
 };

Regards,
Corey Bryant