diff options
| author | Paul Moore | 2014-02-26 16:25:01 +0100 |
|---|---|---|
| committer | Eduardo Otubo | 2014-04-25 19:52:03 +0200 |
| commit | e3f9bb011ae24a594310fa4917754945dc832f8f (patch) | |
| tree | 057e5123b92cf43787bf5d81acc5daadc2cf3fb3 /qemu-seccomp.c | |
| parent | seccomp: add timerfd_create and timerfd_settime to the whitelist (diff) | |
| download | qemu-e3f9bb011ae24a594310fa4917754945dc832f8f.tar.gz qemu-e3f9bb011ae24a594310fa4917754945dc832f8f.tar.xz qemu-e3f9bb011ae24a594310fa4917754945dc832f8f.zip | |
seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
Additional testing reveals that PulseAudio requires shmctl() and the
mlock()/munlock() syscalls on some systems/configurations. As before,
on systems that do require these syscalls, the problem can be seen with
the following command line:
# qemu -monitor stdio -sandbox on \
-device intel-hda -device hda-duplex
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Diffstat (limited to 'qemu-seccomp.c')
| -rw-r--r-- | qemu-seccomp.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 46554bda4b..ea8094d043 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -227,7 +227,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(shmget), 240 }, { SCMP_SYS(shmat), 240 }, { SCMP_SYS(shmdt), 240 }, - { SCMP_SYS(timerfd_create), 240 } + { SCMP_SYS(timerfd_create), 240 }, + { SCMP_SYS(shmctl), 240 }, + { SCMP_SYS(mlock), 240 }, + { SCMP_SYS(munlock), 240 } }; int seccomp_start(void) |