seccomp branch queue
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJWSZjUAAoJEP0M/1sS+L0vR3oH/3mlk8bMtuiNZbKE7SlwL7Nu 7NdOnYlPHyX+wAV/dpjUf4WXIqAy0c01zOcy3a1uWslW52NgDU7Xn9sT5+j6Kc87 PbRhWcN3tvApKgi2KD/il3/z7KnC6BUMbnsfIDM7ZAsejOshF69p72XVJmcsrsgK +J/2HD9RobJMt86JceaFRoWe5wBWp2AFydWcjOePqFkzcj6sHnQNbMl9YM8jw6/8 nTc7NnK5DDYY+wgOBb14ywPhMLZBbjDHRoTGRhojx0HFd3/NcKUMxzgVqF/7A+2Y XZ2OE4yFe2Z8hQeCnE1wuUrgyqYgwOiVVgCk8ovHxYeqVzej8Qu863qQT4E56Bo= =dH0/ -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20151116' into staging seccomp branch queue # gpg: Signature made Mon 16 Nov 2015 08:50:28 GMT using RSA key ID 12F8BD2F # gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC 3FDE FD0C FF5B 12F8 BD2F * remotes/otubo/tags/pull-seccomp-20151116: seccomp: loosen library version dependency configure: arm/aarch64: allow enable-seccomp seccomp: add cacheflush to whitelist Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
c257779e2a
32
configure
vendored
32
configure
vendored
@ -1888,16 +1888,34 @@ fi
|
|||||||
# libseccomp check
|
# libseccomp check
|
||||||
|
|
||||||
if test "$seccomp" != "no" ; then
|
if test "$seccomp" != "no" ; then
|
||||||
if test "$cpu" = "i386" || test "$cpu" = "x86_64" &&
|
case "$cpu" in
|
||||||
$pkg_config --atleast-version=2.1.1 libseccomp; then
|
i386|x86_64)
|
||||||
|
libseccomp_minver="2.1.0"
|
||||||
|
;;
|
||||||
|
arm|aarch64)
|
||||||
|
libseccomp_minver="2.2.3"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
libseccomp_minver=""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if test "$libseccomp_minver" != "" &&
|
||||||
|
$pkg_config --atleast-version=$libseccomp_minver libseccomp ; then
|
||||||
libs_softmmu="$libs_softmmu `$pkg_config --libs libseccomp`"
|
libs_softmmu="$libs_softmmu `$pkg_config --libs libseccomp`"
|
||||||
QEMU_CFLAGS="$QEMU_CFLAGS `$pkg_config --cflags libseccomp`"
|
QEMU_CFLAGS="$QEMU_CFLAGS `$pkg_config --cflags libseccomp`"
|
||||||
seccomp="yes"
|
seccomp="yes"
|
||||||
else
|
else
|
||||||
if test "$seccomp" = "yes"; then
|
if test "$seccomp" = "yes" ; then
|
||||||
feature_not_found "libseccomp" "Install libseccomp devel >= 2.1.1"
|
if test "$libseccomp_minver" != "" ; then
|
||||||
fi
|
feature_not_found "libseccomp" \
|
||||||
seccomp="no"
|
"Install libseccomp devel >= $libseccomp_minver"
|
||||||
|
else
|
||||||
|
feature_not_found "libseccomp" \
|
||||||
|
"libseccomp is not supported for host cpu $cpu"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
seccomp="no"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
##########################################
|
##########################################
|
||||||
|
@ -16,6 +16,14 @@
|
|||||||
#include <seccomp.h>
|
#include <seccomp.h>
|
||||||
#include "sysemu/seccomp.h"
|
#include "sysemu/seccomp.h"
|
||||||
|
|
||||||
|
#if SCMP_VER_MAJOR >= 3
|
||||||
|
#define HAVE_CACHEFLUSH
|
||||||
|
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
|
||||||
|
#define HAVE_CACHEFLUSH
|
||||||
|
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
|
||||||
|
#define HAVE_CACHEFLUSH
|
||||||
|
#endif
|
||||||
|
|
||||||
struct QemuSeccompSyscall {
|
struct QemuSeccompSyscall {
|
||||||
int32_t num;
|
int32_t num;
|
||||||
uint8_t priority;
|
uint8_t priority;
|
||||||
@ -238,7 +246,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
|
|||||||
{ SCMP_SYS(inotify_init1), 240 },
|
{ SCMP_SYS(inotify_init1), 240 },
|
||||||
{ SCMP_SYS(inotify_add_watch), 240 },
|
{ SCMP_SYS(inotify_add_watch), 240 },
|
||||||
{ SCMP_SYS(mbind), 240 },
|
{ SCMP_SYS(mbind), 240 },
|
||||||
{ SCMP_SYS(memfd_create), 240 }
|
{ SCMP_SYS(memfd_create), 240 },
|
||||||
|
#ifdef HAVE_CACHEFLUSH
|
||||||
|
{ SCMP_SYS(cacheflush), 240 },
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
int seccomp_start(void)
|
int seccomp_start(void)
|
||||||
|
Loading…
Reference in New Issue
Block a user