Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCOMP)

[Peter Maydell]

On 3 November 2017 at 15:52, James Cowgill <address@hidden> wrote:
> On 03/11/17 14:29, Laurent Vivier wrote:
>> I think we should allow PR_GET_SECCOMP, and at least all the modes
>> except SECCOMP_MODE_FILTER for PR_SET_SECCOMP.
>
> I tried allowing SECCOMP_MODE_STRICT and made a small test program. It
> seems that qemu is SIGKILLed when _exit is used because qemu itself
> tries to call rt_sigprocmask which is not an allowed syscall.
>
> PR_GET_SECCOMP can probably be allowed. My reasoning for disabling it
> was to match the kernel behavior for when seccomp is disabled by the
> Kconfig option.

I think I like "behave like a kernel with seccomp disabled" --
it's a clean line that we can assume won't confuse guest programs.
Laurent?

thanks
-- PMM