qemu-devel

[Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS


From: James Hogan
Subject: [Qemu-devel] [PATCH v2 0/2] Enable seccomp on MIPS
Date: Fri, 8 Apr 2016 14:16:32 +0100

These patches enable seccomp sandboxing on MIPS.

libseccomp has supported MIPS since 2.2.0, but cacheflush isn't included
in the whitelist until libseccomp 2.2.3 since that's when it was enabled
for ARM. The first patch fixes that so that it will work with MIPS right
back to 2.2.0.

Finally the second patch enables seccomp in the configure script for
MIPS since libseccomp 2.2.0.

Incidentally, when cacheflush(2) was being used prior to it appearing in
the whitelist, I noticed that only a single thread was being killed by
SCMP_ACT_KILL (which the man page also confirms) rather than the whole
process, simply resulting in a lockup, and making it tricky to debug
since it wasn't immediately obvious what had happened (same thing can be
made to happen on x86 if e.g. read syscall is disallowed).

Should we be using the apparently more helpful SCMP_ACT_TRAP instead of
SCMP_ACT_KILL, or is that considered less secure? It would seem
preferable if we could kill the whole process in a recognisable way
instead of hanging it.

Changes in v2:
- Added Peter's comment in patch 1.

James Hogan (2):
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

 configure      | 3 +++
 qemu-seccomp.c | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
-- 
2.4.10
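
The thread-versus-process behaviour raised in the cover letter, as an added example that is not part of the original post or of QEMU's code. It assumes Linux and uses the raw prctl(2) interface with SECCOMP_RET_KILL and SECCOMP_RET_TRAP, the kernel actions behind libseccomp's SCMP_ACT_KILL and SCMP_ACT_TRAP; the filter, the choice of getppid as the denied call, and the names worker, install_filter and run_with_action are constructed for illustration.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static _Alignas(16) char worker_stack[65536];
static volatile pid_t worker_tid = 1; /* kernel writes 0 here when the worker exits */
static int worker(void *arg) { (void)arg; syscall(SYS_getppid); return 0; }

/* Constructed filter: `action` for getppid, allow the rest (real filters also check arch). */
static int install_filter(unsigned int action) {
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Wait status of a two-thread child whose worker thread makes the filtered call. */
int run_with_action(unsigned int action) {
    int status = -1, flags = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
                             CLONE_THREAD | CLONE_CHILD_CLEARTID;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter(action)) _exit(2);
        if (clone(worker, worker_stack + sizeof worker_stack, flags, NULL, NULL, NULL, &worker_tid) < 0) _exit(3);
        while (worker_tid) usleep(1000); /* main thread outlives a thread-only kill */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

int main(void) {
    int k = run_with_action(SECCOMP_RET_KILL), t = run_with_action(SECCOMP_RET_TRAP);
    printf("KILL: exited normally=%d, TRAP: killed by signal %d\n", WIFEXITED(k), WTERMSIG(t));
    return 0;
}
```

With SECCOMP_RET_KILL only the worker disappears and the process carries on, so a program whose other threads depend on that worker keeps waiting; with SECCOMP_RET_TRAP and no SIGSYS handler installed, the parent sees the whole process terminated by SIGSYS.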
