seccomp branch queue

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXEotmAAoJEP0M/1sS+L0vzAEIAImgDVmrNVPLfN+JZ6JGbbPG
 VqcU2jJLF5caOv+VoGXgvfL03a7AlSAjoZ2ghf3ncokB7+81Z2h9kiskbR07VRNR
 bTCQley1xZyU2O8l8ckI5Lyc8vm+UmVwiDiMg93cH/kcbOaltz9xYu+PPrQTEQXG
 lvikpI/wIsyo3nveKBCvnzKUnz8mX7dyHwUD5J7cDAqfa6XuEkJLMbHAjIS3kr9Z
 UPC0olxrVil+HxCQUkQemwO+mhhgA6l+oqRNlDIwJU2d/e5HX43YWp6ETNkW8Bnd
 vI5tIM/tjjX32pqcMbcfpLC8wqSZPocxCSZgKV8a1OQyFXPu/v9QaP/qqGDezrI=
 =oVhZ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20160416' into staging

seccomp branch queue

# gpg: Signature made Sat 16 Apr 2016 19:58:46 BST using RSA key ID 12F8BD2F
# gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC  3FDE FD0C FF5B 12F8 BD2F

* remotes/otubo/tags/pull-seccomp-20160416:
  seccomp: adding sysinfo system call to whitelist
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell 2016-04-18 10:22:43 +01:00
commit adde0204e4
2 changed files with 9 additions and 3 deletions

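--- a/configure
+++ b/configure
@@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
 i386|x86_64)
 libseccomp_minver="2.1.0"
 ;;
+mips)
+libseccomp_minver="2.2.0"
+;;
 arm|aarch64)
 libseccomp_minver="2.2.3"
 ;;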


@ -16,11 +16,13 @@
#include <seccomp.h> #include <seccomp.h>
#include "sysemu/seccomp.h" #include "sysemu/seccomp.h"
/* For some architectures (notably ARM) cacheflush is not supported until
* libseccomp 2.2.3, but configure enforces that we are using a more recent
* version on those hosts, so it is OK for this check to be less strict.
*/
#if SCMP_VER_MAJOR >= 3 #if SCMP_VER_MAJOR >= 3
#define HAVE_CACHEFLUSH #define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3 #elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
#define HAVE_CACHEFLUSH
#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
#define HAVE_CACHEFLUSH #define HAVE_CACHEFLUSH
#endif #endif
@ -250,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
#ifdef HAVE_CACHEFLUSH #ifdef HAVE_CACHEFLUSH
{ SCMP_SYS(cacheflush), 240 }, { SCMP_SYS(cacheflush), 240 },
#endif #endif
{ SCMP_SYS(sysinfo), 240 },
}; };
int seccomp_start(void) int seccomp_start(void)
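Review bot: The new `{ SCMP_SYS(sysinfo), 240 },` entry at the end of `seccomp_whitelist[]` widens the sandbox without recording why it is needed; neither this hunk nor the commit subject names the code path that requires the call. sysinfo(2) returns host-wide data (uptime, load averages, memory and swap totals, process count), so the entry should carry a one-line justification such as `/* sysinfo: required by <caller>; exposes host uptime and memory totals */`, which lets a later audit decide whether it can be dropped. The value 240 matches the neighbouring cacheflush entry, but its meaning is defined outside the lines shown, and both the array and `seccomp_start()` extend beyond this hunk.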