From 4b45b055491a319292beefb8080a81d96cf55cf6 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 20 Jan 2015 14:32:33 +0100 Subject: [PATCH] seccomp: add mlockall to whitelist This is used by "-realtime mlock=on". Signed-off-by: Eduardo Otubo Signed-off-by: Paolo Bonzini Reviewed-by: Amit Shah Reviewed-by: Eduardo Habkost Tested-by: Eduardo Habkost Acked-by: Eduardo Otubo --- qemu-seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index b0c626984f..f9de0d3390 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -229,6 +229,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(shmdt), 240 }, { SCMP_SYS(timerfd_create), 240 }, { SCMP_SYS(shmctl), 240 }, + { SCMP_SYS(mlockall), 240 }, { SCMP_SYS(mlock), 240 }, { SCMP_SYS(munlock), 240 }, { SCMP_SYS(semctl), 240 },