Merge remote-tracking branch 'remotes/otubo/seccomp' into staging
* remotes/otubo/seccomp: seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist seccomp: add timerfd_create and timerfd_settime to the whitelist Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
e2da502c00
@ -143,6 +143,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
|
|||||||
{ SCMP_SYS(getsockname), 242 },
|
{ SCMP_SYS(getsockname), 242 },
|
||||||
{ SCMP_SYS(getpeername), 242 },
|
{ SCMP_SYS(getpeername), 242 },
|
||||||
{ SCMP_SYS(accept4), 242 },
|
{ SCMP_SYS(accept4), 242 },
|
||||||
|
{ SCMP_SYS(timerfd_settime), 242 },
|
||||||
{ SCMP_SYS(newfstatat), 241 },
|
{ SCMP_SYS(newfstatat), 241 },
|
||||||
{ SCMP_SYS(shutdown), 241 },
|
{ SCMP_SYS(shutdown), 241 },
|
||||||
{ SCMP_SYS(getsockopt), 241 },
|
{ SCMP_SYS(getsockopt), 241 },
|
||||||
@ -225,7 +226,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
|
|||||||
{ SCMP_SYS(fchmod), 240 },
|
{ SCMP_SYS(fchmod), 240 },
|
||||||
{ SCMP_SYS(shmget), 240 },
|
{ SCMP_SYS(shmget), 240 },
|
||||||
{ SCMP_SYS(shmat), 240 },
|
{ SCMP_SYS(shmat), 240 },
|
||||||
{ SCMP_SYS(shmdt), 240 }
|
{ SCMP_SYS(shmdt), 240 },
|
||||||
|
{ SCMP_SYS(timerfd_create), 240 },
|
||||||
|
{ SCMP_SYS(shmctl), 240 },
|
||||||
|
{ SCMP_SYS(mlock), 240 },
|
||||||
|
{ SCMP_SYS(munlock), 240 }
|
||||||
};
|
};
|
||||||
|
|
||||||
int seccomp_start(void)
|
int seccomp_start(void)
|
||||||
|
Loading…
Reference in New Issue
Block a user