seccomp branch queue

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJXEotmAAoJEP0M/1sS+L0vzAEIAImgDVmrNVPLfN+JZ6JGbbPG VqcU2jJLF5caOv+VoGXgvfL03a7AlSAjoZ2ghf3ncokB7+81Z2h9kiskbR07VRNR bTCQley1xZyU2O8l8ckI5Lyc8vm+UmVwiDiMg93cH/kcbOaltz9xYu+PPrQTEQXG lvikpI/wIsyo3nveKBCvnzKUnz8mX7dyHwUD5J7cDAqfa6XuEkJLMbHAjIS3kr9Z UPC0olxrVil+HxCQUkQemwO+mhhgA6l+oqRNlDIwJU2d/e5HX43YWp6ETNkW8Bnd vI5tIM/tjjX32pqcMbcfpLC8wqSZPocxCSZgKV8a1OQyFXPu/v9QaP/qqGDezrI= =oVhZ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20160416' into staging seccomp branch queue # gpg: Signature made Sat 16 Apr 2016 19:58:46 BST using RSA key ID 12F8BD2F # gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC 3FDE FD0C FF5B 12F8 BD2F * remotes/otubo/tags/pull-seccomp-20160416: seccomp: adding sysinfo system call to whitelist seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3 configure: Enable seccomp sandbox for MIPS Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-04-18 10:22:43 +01:00 · 2016-04-18 10:22:43 +01:00 · adde0204e4
commit adde0204e4
parent c6c598ca5f 8e08f8a4a7
2 changed files with 9 additions and 3 deletions
--- a/3
+++ b/3
@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
    i386|x86_64)
        libseccomp_minver="2.1.0"
        ;;
+    mips)
+        libseccomp_minver="2.2.0"
+        ;;
    arm|aarch64)
        libseccomp_minver="2.2.3"
        ;;
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@ -16,11 +16,13 @@
 #include <seccomp.h>
 #include "sysemu/seccomp.h"

+/* For some architectures (notably ARM) cacheflush is not supported until
+ * libseccomp 2.2.3, but configure enforces that we are using a more recent
+ * version on those hosts, so it is OK for this check to be less strict.
+ */
 #if SCMP_VER_MAJOR >= 3
  #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
-  #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
  #define HAVE_CACHEFLUSH
 #endif

@ -250,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 #ifdef HAVE_CACHEFLUSH
    { SCMP_SYS(cacheflush), 240 },
 #endif
+    { SCMP_SYS(sysinfo), 240 },
 };

 int seccomp_start(void)