diff mbox

[PULL,01/01] seccomp: adding getrusage to the whitelist

Message ID 1474450699-17017-2-git-send-email-eduardo.otubo@profitbricks.com (mailing list archive)
State New, archived
Headers show

Commit Message

Eduardo Otubo Sept. 21, 2016, 9:38 a.m. UTC
getrusage is used in a number of places throughout the qemu codebase
(notably, in crypto/pbkdf.c).  Without this syscall being whitelisted,
qemu ends up getting killed by the kernel whenever you try to connect to
a VNC console.

Signed-off-by: Brian Rak <brak@gameservers.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
---
 qemu-seccomp.c | 1 +
 1 file changed, 1 insertion(+)
diff mbox

Patch

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index cb569dc..df75d9c 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -65,6 +65,7 @@  static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(prctl), 245 },
     { SCMP_SYS(signalfd), 245 },
     { SCMP_SYS(getrlimit), 245 },
+    { SCMP_SYS(getrusage), 245 },
     { SCMP_SYS(set_tid_address), 245 },
     { SCMP_SYS(statfs), 245 },
     { SCMP_SYS(unlink), 245 },