Home Explore Help
Register Sign In
FangSoftSoft
/
qemu
mirror of https://github.com/utmapp/qemu.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

seccomp: add kill() to the syscall whitelist

The kill() syscall is triggered with the following command:

 # qemu -sandbox on -monitor stdio \
        -device intel-hda -device hda-duplex -vnc :0

The resulting syslog/audit message:

 # ausearch -m SECCOMP
 ----
 time->Wed Nov 20 09:52:08 2013
 type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
  subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
  comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
 # scmp_sys_resolver 62
 kill

Reported-by: CongLi <coli@redhat.com>
Tested-by: CongLi <coli@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
Paul Moore 11 years ago
parent
7dc65c02fe
commit
e9eecb5bf8
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      qemu-seccomp.c

+ 1 - 0
qemu-seccomp.c
View File 

@@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 
     { SCMP_SYS(write), 244 },
 
     { SCMP_SYS(fcntl), 243 },
 
     { SCMP_SYS(tgkill), 242 },
 
+    { SCMP_SYS(kill), 242 },
 
     { SCMP_SYS(rt_sigaction), 242 },
 
     { SCMP_SYS(pipe2), 242 },
 
     { SCMP_SYS(munmap), 242 },