qemu-devel

Re: [Qemu-devel] [PATCH] seccomp: add kill() to the syscall whitelist


From: Paul Moore
Subject: Re: [Qemu-devel] [PATCH] seccomp: add kill() to the syscall whitelist
Date: Tue, 26 Nov 2013 10:28:57 -0500
User-agent: KMail/4.11.3 (Linux/3.12.0-gentoo; KDE/4.11.3; x86_64; ; )

On Thursday, November 21, 2013 02:40:48 PM Eduardo Otubo wrote:
> On 11/21/2013 01:40 PM, Paul Moore wrote:
> > The kill() syscall is triggered with the following command:
> >   # qemu -sandbox on -monitor stdio \
> >          -device intel-hda -device hda-duplex -vnc :0
> > 
> > The resulting syslog/audit message:
> >   # ausearch -m SECCOMP
> >   ----
> >   time->Wed Nov 20 09:52:08 2013
> >   type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
> >    subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
> >    comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
> >   
> >   # scmp_sys_resolver 62
> >   kill
> > 
> > Reported-by: CongLi <address@hidden>
> > Tested-by: CongLi <address@hidden>
> > Signed-off-by: Paul Moore <address@hidden>
> > ---
> > 
> >   qemu-seccomp.c |    1 +
> >   1 file changed, 1 insertion(+)
> > 
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 69cee44..cf07869 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] = {> 
> >       { SCMP_SYS(write), 244 },
> >       { SCMP_SYS(fcntl), 243 },
> >       { SCMP_SYS(tgkill), 242 },
> > 
> > +    { SCMP_SYS(kill), 242 },
> > 
> >       { SCMP_SYS(rt_sigaction), 242 },
> >       { SCMP_SYS(pipe2), 242 },
> >       { SCMP_SYS(munmap), 242 },
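Review bot: the new `{ SCMP_SYS(kill), 242 }` entry admits kill() for any target pid and any signal, and the commit message says only which command line triggers the call, not which code path issues it or what arguments it passes. That is consistent with the neighbouring unrestricted tgkill entry, but a sentence in the commit message naming the caller (and whether the target is ever a pid other than QEMU's own) would let reviewers judge whether an argument-filtered rule using SCMP_A0 would be sufficient instead of a blanket allow. The priority value 242 matches the adjacent low-priority entries (tgkill, rt_sigaction, pipe2), so the placement in the table is fine.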
> 
> ACK, Reviewed and tested.
> (I'll send a pull request tomorrow EOD)
> 
> Reviewed-by: Eduardo Otubo <address@hidden>

Ping?

-- 
paul moore
security and virtualization @ redhat
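As an added example (not code from the patch, QEMU or libseccomp), a small Python helper that parses `type=SECCOMP` audit records like the one quoted in the commit message and tallies which syscalls the sandbox is killing, so the missing whitelist entry can be identified before editing the table. The sample records are constructed from the quoted one; the `scmp_sys_resolver` call assumes the libseccomp tool is on PATH and accepts `-a ARCH`.

```python
import re
import shutil
import subprocess
from collections import Counter

# Constructed sample records: the one from the commit message, reflowed onto a
# single line as audit emits it, plus a second constructed record for the same
# syscall so the summary has something to aggregate.
SAMPLE_RECORDS = [
    'type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854 '
    'subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087 '
    'comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0',
    'type=SECCOMP msg=audit(1384912400.000:6700): auid=0 uid=0 gid=0 ses=854 '
    'subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12090 '
    'comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0',
]

SIGSYS = 31  # signal reported when a seccomp filter kills the process (x86)

# key=value pairs; values are either double-quoted or a run of non-spaces
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_seccomp_record(line):
    """Return the fields that matter for a SECCOMP record, or None for other types."""
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    if fields.get("type") != "SECCOMP":
        return None
    return {
        "comm": fields["comm"],
        "pid": int(fields["pid"]),
        "syscall": int(fields["syscall"]),
        "sig": int(fields["sig"]),
        "compat": int(fields["compat"]),  # 1 means the 32-bit compat syscall table
        "ip": int(fields["ip"], 16),      # user-space address of the syscall instruction
    }


def summarize(lines):
    """Count killed (comm, syscall, compat) triples across a batch of audit lines."""
    counts = Counter()
    for line in lines:
        rec = parse_seccomp_record(line)
        if rec is not None and rec["sig"] == SIGSYS:
            counts[(rec["comm"], rec["syscall"], rec["compat"])] += 1
    return counts


def resolve_syscall(nr, compat=0):
    """Map a syscall number to a name via scmp_sys_resolver; None if the tool is absent.
    Assumption: x86 host as in the report, so compat selects the x86 table."""
    tool = shutil.which("scmp_sys_resolver")
    if tool is None:
        return None
    arch = "x86" if compat else "x86_64"
    out = subprocess.run([tool, "-a", arch, str(nr)], capture_output=True, text=True)
    return out.stdout.strip() or None
```

Feeding the output of `ausearch -m SECCOMP` through `summarize` yields one line per (process, syscall) pair, which is exactly the information needed to decide which `SCMP_SYS(...)` entry to add.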
