Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

[Paul Moore]

On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:
> Il 06/09/2013 20:41, Eduardo Otubo ha scritto:
> > Hello,
> > 
> >     Any chance to get this patch applied?
> > 
> > Thanks!
> 
> Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?
> 
> Paolo

Out of respect for the work that Eduardo has done, and is continuing to do, 
with the QEMU seccomp filtering, I think Eduardo should be the one to take on 
this role.  If Eduardo declines I'll do ahead and submit a patch adding myself 
to the MAINTAINERS file.

> > On 09/04/2013 11:11 AM, Paul Moore wrote:
> >> On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
> >>> This was causing Qemu process to hang when using -sandbox on.
> >>> 
> >>> Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
> >>> 
> >>> Signed-off-by: Eduardo Otubo <address@hidden>
> >> 
> >> Works for me.
> >> 
> >> Tested-by: Paul Moore <address@hidden>
> >> 
> >>> ---
> >>> 
> >>>   qemu-seccomp.c |    1 +
> >>>   1 files changed, 1 insertions(+), 0 deletions(-)
> >>> 
> >>> diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> >>> index 37d38f8..69cee44 100644
> >>> --- a/qemu-seccomp.c
> >>> +++ b/qemu-seccomp.c
> >>> @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
> >>> seccomp_whitelist[]
> >>> = { { SCMP_SYS(getuid), 245 },
> >>> 
> >>>       { SCMP_SYS(geteuid), 245 },
> >>>       { SCMP_SYS(timer_create), 245 },
> >>> 
> >>> +    { SCMP_SYS(times), 245 },
> >>> 
> >>>       { SCMP_SYS(exit), 245 },
> >>>       { SCMP_SYS(clock_gettime), 245 },
> >>>       { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat