Merge remote-tracking branch 'remotes/otubo/seccomp' into staging

* remotes/otubo/seccomp:
  seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
  seccomp: add timerfd_create and timerfd_settime to the whitelist

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2014-04-28 14:14:35 +01:00
commit e2da502c00

View File

@ -143,6 +143,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(getsockname), 242 }, { SCMP_SYS(getsockname), 242 },
{ SCMP_SYS(getpeername), 242 }, { SCMP_SYS(getpeername), 242 },
{ SCMP_SYS(accept4), 242 }, { SCMP_SYS(accept4), 242 },
{ SCMP_SYS(timerfd_settime), 242 },
{ SCMP_SYS(newfstatat), 241 }, { SCMP_SYS(newfstatat), 241 },
{ SCMP_SYS(shutdown), 241 }, { SCMP_SYS(shutdown), 241 },
{ SCMP_SYS(getsockopt), 241 }, { SCMP_SYS(getsockopt), 241 },
@ -225,7 +226,11 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(fchmod), 240 }, { SCMP_SYS(fchmod), 240 },
{ SCMP_SYS(shmget), 240 }, { SCMP_SYS(shmget), 240 },
{ SCMP_SYS(shmat), 240 }, { SCMP_SYS(shmat), 240 },
{ SCMP_SYS(shmdt), 240 } { SCMP_SYS(shmdt), 240 },
{ SCMP_SYS(timerfd_create), 240 },
{ SCMP_SYS(shmctl), 240 },
{ SCMP_SYS(mlock), 240 },
{ SCMP_SYS(munlock), 240 }
}; };
int seccomp_start(void) int seccomp_start(void)