Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCO
From: Laurent Vivier
Subject: Re: [Qemu-devel] [PATCH] linux-user: return EINVAL from prctl(PR_*_SECCOMP)
Date: Fri, 3 Nov 2017 17:33:14 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
On 03/11/2017 at 17:01, Peter Maydell wrote:
> On 3 November 2017 at 15:52, James Cowgill <address@hidden> wrote:
>> On 03/11/17 14:29, Laurent Vivier wrote:
>>> I think we should allow PR_GET_SECCOMP, and at least all the modes
>>> except SECCOMP_MODE_FILTER for PR_SET_SECCOMP.
>>
>> I tried allowing SECCOMP_MODE_STRICT and made a small test program. It
>> seems that qemu is SIGKILLed when _exit is used because qemu itself
>> tries to call rt_sigprocmask which is not an allowed syscall.
>>
>> PR_GET_SECCOMP can probably be allowed. My reasoning for disabling it
>> was to match the kernel behavior for when seccomp is disabled by the
>> Kconfig option.
>
> I think I like "behave like a kernel with seccomp disabled" --
> it's a clean line that we can assume won't confuse guest programs.
> Laurent?
I agree. I didn't think about all the syscalls QEMU can do aside from the
executed program. So your solution is the good one.
Reviewed-by: Laurent Vivier <address@hidden>
Thanks,
Laurent
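
The SIGKILL reported in the thread can be reproduced natively, without QEMU: once a process is in SECCOMP_MODE_STRICT, one rt_sigprocmask call made on its behalf is fatal. The program below is an added example, not code from the thread or from QEMU; `run_strict_child` and the `outcome` names are hypothetical, and it assumes Linux with glibc headers.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { EXITED_CLEANLY, KILLED_BY_SECCOMP, STRICT_UNAVAILABLE, OTHER };

/* Fork a child, put it in SECCOMP_MODE_STRICT, then either exit at once
 * (extra_syscall == 0) or first issue rt_sigprocmask (extra_syscall != 0),
 * the call the thread reports QEMU making itself. */
enum outcome run_strict_child(int extra_syscall)
{
    pid_t pid = fork();
    if (pid < 0)
        return STRICT_UNAVAILABLE;      /* cannot run the experiment */
    if (pid == 0) {
        /* Fails with EINVAL when seccomp is compiled out or when a
         * seccomp filter is already active (e.g. inside a container). */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(2);
        if (extra_syscall)
            syscall(SYS_rt_sigprocmask, SIG_BLOCK, NULL, NULL,
                    sizeof(unsigned long));
        /* glibc's _exit() uses exit_group, which strict mode forbids;
         * only the raw exit syscall is allowed. */
        syscall(SYS_exit, 0);
        for (;;) { }                    /* not reached */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED_BY_SECCOMP;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return STRICT_UNAVAILABLE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return EXITED_CLEANLY;
    return OTHER;
}

int main(void)
{
    static const char *names[] = { "exited cleanly", "killed (SIGKILL)",
                                   "strict mode unavailable", "other" };
    printf("exit only:             %s\n", names[run_strict_child(0)]);
    printf("rt_sigprocmask + exit: %s\n", names[run_strict_child(1)]);
    return 0;
}
```

The `STRICT_UNAVAILABLE` branch is what a guest sees when prctl(PR_SET_SECCOMP) returns EINVAL, which is the behaviour the patch gives linux-user.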