On Wed, Dec 17, 2014 at 03:50:09PM -0500, Paul Moore wrote: > The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to > set the policy for a memory range. Add the syscall to the seccomp > sandbox whitelist. > > Signed-off-by: Paul Moore <[email protected]> > --- > qemu-seccomp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index af6a375..b0c6269 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -235,7 +235,8 @@ static const struct QemuSeccompSyscall > seccomp_whitelist[] = { > { SCMP_SYS(fallocate), 240 }, > { SCMP_SYS(fadvise64), 240 }, > { SCMP_SYS(inotify_init1), 240 }, > - { SCMP_SYS(inotify_add_watch), 240 } > + { SCMP_SYS(inotify_add_watch), 240 }, > + { SCMP_SYS(mbind), 240 } > }; > > int seccomp_start(void) >
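Review bot: The new last entry, `{ SCMP_SYS(mbind), 240 }`, is added without a trailing comma, so the next addition to seccomp_whitelist[] will again have to modify an unrelated line, just as this hunk had to rewrite the inotify_add_watch entry only to append a comma. Ending the last initializer with a comma would keep future whitelist changes to one-line diffs, which makes each newly allowed syscall easier to audit. Separately, the reason mbind is needed (the "memory-backend-ram" object setting policy for a memory range) is recorded only in the commit message; a short comment beside the entry would keep that rationale visible to anyone later reviewing what the sandbox permits.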
Acked-by: Eduardo Otubo <[email protected]>

I have a minor fix already in plan, so I'll do a pull request tomorrow by the end of the day. Thanks for the patch.

--
Eduardo Otubo
ProfitBricks GmbH
