seccomp: add arch_prctl() to the syscall whitelist It appears that even a very simple /etc/qemu-ifup configuration can require the arch_prctl() syscall, see the example below: #!/bin/sh /sbin/ifconfig $1 0.0.0.0 up /usr/sbin/brctl addif <switch> $1 Signed-off-by: Paul Moore <pmoore@redhat.com> Reviewed-by: Eduardo Otubo <otubo@linux.vnet.ibm.com> Message-id: 20130718135703.8247.19213.stgit@localhost Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

commit: d2509b667caf482b6f827ff2645cbeb9b39ce29e [log] [tgz]
author: Paul Moore <pmoore@redhat.com> Thu Jul 18 09:57:03 2013 -0400
committer: Anthony Liguori <aliguori@us.ibm.com> Mon Jul 29 19:56:52 2013 -0500
tree: b5380be92618b3729ae7752fbfd91b9b7d1c09ac
parent: 94113bd8a1d9acd05a879bc309cc659ace09e287 [diff] [blame]
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 1d2f51c..37d38f8 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c

@@ -217,7 +217,8 @@
     { SCMP_SYS(waitid), 241 },
     { SCMP_SYS(io_cancel), 241 },
     { SCMP_SYS(io_setup), 241 },
-    { SCMP_SYS(io_destroy), 241 }
+    { SCMP_SYS(io_destroy), 241 },
+    { SCMP_SYS(arch_prctl), 240 }
 };
 
 int seccomp_start(void)
commit	d2509b667caf482b6f827ff2645cbeb9b39ce29e	[log] [tgz]
author	Paul Moore <pmoore@redhat.com>	Thu Jul 18 09:57:03 2013 -0400
committer	Anthony Liguori <aliguori@us.ibm.com>	Mon Jul 29 19:56:52 2013 -0500
tree	b5380be92618b3729ae7752fbfd91b9b7d1c09ac
parent	94113bd8a1d9acd05a879bc309cc659ace09e287 [diff] [blame]