|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-upstream-unstable] seccomp: add kill() to the syscall whitelist
commit 08dde5b17b56d64c1536177866eafa98db4fba74
Author: Paul Moore <pmoore@xxxxxxxxxx>
AuthorDate: Thu Nov 21 10:40:15 2013 -0500
Commit: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
CommitDate: Mon Dec 9 11:40:30 2013 -0600
seccomp: add kill() to the syscall whitelist
The kill() syscall is triggered with the following command:
# qemu -sandbox on -monitor stdio \
-device intel-hda -device hda-duplex -vnc :0
The resulting syslog/audit message:
# ausearch -m SECCOMP
----
time->Wed Nov 20 09:52:08 2013
type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
# scmp_sys_resolver 62
kill
Reported-by: CongLi <coli@xxxxxxxxxx>
Tested-by: CongLi <coli@xxxxxxxxxx>
Signed-off-by: Paul Moore <pmoore@xxxxxxxxxx>
Acked-by: Eduardo Otubo <otubo@xxxxxxxxxxxxxxxxxx>
(cherry picked from commit e9eecb5bf82a71564bf018fcbbfc6cda19cab6c2)
Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
---
qemu-seccomp.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..fb3cbfd 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -113,6 +113,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
= {
{ SCMP_SYS(write), 244 },
{ SCMP_SYS(fcntl), 243 },
{ SCMP_SYS(tgkill), 242 },
+ { SCMP_SYS(kill), 242 },
{ SCMP_SYS(rt_sigaction), 242 },
{ SCMP_SYS(pipe2), 242 },
{ SCMP_SYS(munmap), 242 },
--
generated by git-patchbot for /home/xen/git/qemu-upstream-unstable.git
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |