Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile

From:	Philippe Mathieu-Daudé
Subject:	Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile
Date:	Sat, 6 May 2017 13:33:56 -0300
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

Hi Fam, Alex, Paolo,

On 05/05/2017 12:23 AM, Fam Zheng wrote:

Some by default blocked syscalls are required to run tests for example
userfaultfd.

Signed-off-by: Fam Zheng <address@hidden>
---
 tests/docker/Makefile.include | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 0ed8c3d..09d157c 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -127,6 +127,7 @@ docker-run: docker-qemu-src
        $(call quiet-command,                                           \
                $(SRC_PATH)/tests/docker/docker.py run                  \
                        $(if $(NOUSER),,-u $(shell id -u)) -t           \
+                       --security-opt seccomp=unconfined               \

I think this should be an option in the matrix, and eventually run testsusing userfaultfd() apart.


                $(if $(UNCONFINED),,--security-opt seccomp=unconfined)

I'm having the same problem with getcontext() using x32 ABI.

                        $(if $V,,--rm)                                  \
                        $(if $(DEBUG),-i,--net=none)                    \
                        -e TARGET_LIST=$(TARGET_LIST)                   \


Regards,

Phil.

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/5] docker: Add test-block, Fam Zheng, 2017/05/04
- [Qemu-devel] [PATCH 1/5] docker: Run tests with current user, Fam Zheng, 2017/05/04
  - Re: [Qemu-devel] [PATCH 1/5] docker: Run tests with current user, Alex Bennée, 2017/05/05
  - Re: [Qemu-devel] [PATCH 1/5] docker: Run tests with current user, Philippe Mathieu-Daudé, 2017/05/06
- [Qemu-devel] [PATCH 2/5] docker: Add bzip2 and hostname to fedora image, Fam Zheng, 2017/05/04
  - Re: [Qemu-devel] [PATCH 2/5] docker: Add bzip2 and hostname to fedora image, Alex Bennée, 2017/05/05
  - Re: [Qemu-devel] [PATCH 2/5] docker: Add bzip2 and hostname to fedora image, Philippe Mathieu-Daudé, 2017/05/06
- [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile, Fam Zheng, 2017/05/04
  - Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile, Alex Bennée, 2017/05/05
    - Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile, Fam Zheng, 2017/05/05
  - Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile, Philippe Mathieu-Daudé <=
- [Qemu-devel] [PATCH 4/5] docker: Add libaio to fedora image, Fam Zheng, 2017/05/04
  - Re: [Qemu-devel] [PATCH 4/5] docker: Add libaio to fedora image, Alex Bennée, 2017/05/05
  - Re: [Qemu-devel] [PATCH 4/5] docker: Add libaio to fedora image, Philippe Mathieu-Daudé, 2017/05/06
- [Qemu-devel] [PATCH 5/5] docker: Add test-block, Fam Zheng, 2017/05/04
  - Re: [Qemu-devel] [PATCH 5/5] docker: Add test-block, Alex Bennée, 2017/05/05
    - Re: [Qemu-devel] [PATCH 5/5] docker: Add test-block, Fam Zheng, 2017/05/05
  - Re: [Qemu-devel] [PATCH 5/5] docker: Add test-block, Yash Mankad, 2017/05/08
  - Re: [Qemu-devel] [PATCH 5/5] docker: Add test-block, Daniel P. Berrange, 2017/05/08
- Re: [Qemu-devel] [PATCH 0/5] docker: Add test-block, Paolo Bonzini, 2017/05/05
  - Re: [Qemu-devel] [PATCH 0/5] docker: Add test-block, Fam Zheng, 2017/05/05

Prev by Date: Re: [Qemu-devel] [PATCH 4/5] docker: Add libaio to fedora image
Next by Date: Re: [Qemu-devel] [PATCH 2/5] docker: Add bzip2 and hostname to fedora image
Previous by thread: Re: [Qemu-devel] [PATCH 3/5] docker: Use unconfined security profile
Next by thread: [Qemu-devel] [PATCH 4/5] docker: Add libaio to fedora image
Index(es):
- Date
- Thread