On 04/05/2012 23:59, Andreas Färber wrote: >> > +static struct qemu_seccomp_syscall seccomp_whitelist[] = { >> > + {SCMP_SYS(timer_settime), 255}, > Spaces inside braces please. > >> > + {SCMP_SYS(timer_gettime), 254}, >> > + {SCMP_SYS(futex), 253}, >> > + {SCMP_SYS(select), 252}, >> > + {SCMP_SYS(recvfrom), 251}, >> > + {SCMP_SYS(sendto), 250}, >> > + {SCMP_SYS(read), 249}, >> > + {SCMP_SYS(brk), 248}, >> > + {SCMP_SYS(clone), 247}, >> > + {SCMP_SYS(mmap), 247}, >> > + {SCMP_SYS(mprotect), 246}, >> > + {SCMP_SYS(rt_sigprocmask), 245}, >> > + {SCMP_SYS(write), 244}, >> > + {SCMP_SYS(fcntl), 243}, >> > + {SCMP_SYS(tgkill), 242}, >> > + {SCMP_SYS(rt_sigaction), 242}, >> > + {SCMP_SYS(pipe2), 242}, >> > + {SCMP_SYS(munmap), 242}, >> > + {SCMP_SYS(mremap), 242}, >> > + {SCMP_SYS(getsockname), 242}, >> > + {SCMP_SYS(getpeername), 242}, >> > + {SCMP_SYS(fdatasync), 242}, >> > + {SCMP_SYS(close), 242} >> > +}; >> > +
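Review bot: the second column of `seccomp_whitelist[]` is undocumented in the hunk; it reads as a priority hint counting down from 255, yet `clone` and `mmap` share 247 and the last nine entries all share 242, so a one-line comment above the array should state what the number means and whether the ties are intended. The list also contains no `exit` or `exit_group`, so the process's own shutdown path is not covered by this table unless it is handled elsewhere; worth adding alongside the other syscalls already noted as missing. Finally, nothing here writes to the table, so `static const struct qemu_seccomp_syscall seccomp_whitelist[]` would keep it out of writable data.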
At least the following are also used: recvmsg, sendmsg, accept, connect, bind, listen, ioctl, fallocate, eventfd. I don't know if all of them have to be included in the list. Other syscalls are not used but probably should be allowed for simplicity, for example poll.

For ioctl, we may want to refine the white-list depending on the argument, and perhaps even filter by file descriptor (the KVM ioctls are in relatively fast paths, so it would be nice if they were passed with fewer BPF ops).

BTW, please keep this out of vl.c, so that all hairiness can be added as appropriate.

Paolo
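The two points raised in the reply, refining the ioctl rule by its argument and the per-syscall "BPF ops" cost that makes entry order matter, as an added example that is not QEMU's code or the patch's: a hand-built classic-BPF seccomp filter in the shape of the whitelist above, plus a small evaluator so the filter's decisions and instruction counts can be checked offline without installing it. It assumes x86-64 Linux (little-endian); `ALLOWED[]` is a hypothetical subset of the list, `EXAMPLE_IOCTL_REQ` is a placeholder request number (the real KVM codes live in `<linux/kvm.h>`), raw `__NR_` numbers stand in for libseccomp's `SCMP_SYS()`, and all function names are the example's own.

```c
/* Added example, not QEMU's code or the patch's: a hand-built classic-BPF
 * seccomp filter shaped like the whitelist above, plus an evaluator so its
 * decisions and per-syscall cost can be checked without installing it.
 * Assumes x86-64 Linux (little-endian).  ALLOWED[], EXAMPLE_IOCTL_REQ and
 * the function names are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#define MAX_INSNS 64
/* Placeholder for the single ioctl request number we want to allow. */
#define EXAMPLE_IOCTL_REQ 0xAE80u

/* Unconditionally allowed syscalls, hottest first: like the patch's
 * priority column, an earlier entry costs fewer BPF ops to match. */
static const int ALLOWED[] = {
    __NR_timer_settime, __NR_futex, __NR_read, __NR_write, __NR_close,
    __NR_exit_group,
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

#define LOAD(field) \
    ((struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, \
                                  offsetof(struct seccomp_data, field)))
#define JEQ(k, jt, jf) \
    ((struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf)))
#define RET(act) ((struct sock_filter)BPF_STMT(BPF_RET | BPF_K, (act)))

/* Write the filter into prog[] (MAX_INSNS entries); return its length. */
size_t build_filter(struct sock_filter *prog)
{
    size_t n = 0;
    /* Refuse foreign ABIs first: syscall numbers differ between them. */
    prog[n++] = LOAD(arch);
    prog[n++] = JEQ(AUDIT_ARCH_X86_64, 1, 0);
    prog[n++] = RET(SECCOMP_RET_KILL);
    prog[n++] = LOAD(nr);
    /* One compare plus one return per whitelisted syscall. */
    for (size_t i = 0; i < N_ALLOWED; i++) {
        prog[n++] = JEQ((uint32_t)ALLOWED[i], 0, 1);
        prog[n++] = RET(SECCOMP_RET_ALLOW);
    }
    /* ioctl is allowed only with EXAMPLE_IOCTL_REQ in args[1]; jf=3 skips
     * the three-instruction argument check when nr != ioctl. */
    prog[n++] = JEQ(__NR_ioctl, 0, 3);
    prog[n++] = LOAD(args[1]);          /* low 32 bits of the request */
    prog[n++] = JEQ(EXAMPLE_IOCTL_REQ, 0, 1);
    prog[n++] = RET(SECCOMP_RET_ALLOW);
    prog[n++] = RET(SECCOMP_RET_KILL);  /* default: everything else */
    return n;
}

/* Evaluate the three opcode forms used above against one seccomp_data;
 * returns the action and stores how many instructions ran in *steps. */
uint32_t run_filter(const struct sock_filter *prog, size_t n,
                    const struct seccomp_data *d, unsigned *steps)
{
    uint32_t acc = 0;
    unsigned count = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct sock_filter *in = &prog[pc];
        count++;
        if (in->code == (BPF_LD | BPF_W | BPF_ABS)) {
            memcpy(&acc, (const char *)d + in->k, sizeof acc);
            pc++;
        } else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K)) {
            pc += 1 + (acc == in->k ? in->jt : in->jf);
        } else if (in->code == (BPF_RET | BPF_K)) {
            *steps = count;
            return in->k;
        } else {
            break;                      /* opcode not modelled here */
        }
    }
    *steps = count;
    return SECCOMP_RET_KILL;            /* ran off the end: deny */
}

static uint32_t decide_with_steps(int nr, uint32_t arch, uint64_t arg1,
                                  unsigned *steps)
{
    struct sock_filter prog[MAX_INSNS];
    struct seccomp_data d = { 0 };
    size_t n = build_filter(prog);
    d.nr = nr;
    d.arch = arch;
    d.args[1] = arg1;
    return run_filter(prog, n, &d, steps);
}

/* Action (SECCOMP_RET_*) the filter returns for one syscall. */
uint32_t decide(int nr, uint32_t arch, uint64_t arg1)
{
    unsigned steps;
    return decide_with_steps(nr, arch, arg1, &steps);
}

/* BPF instructions executed before the filter decided. */
unsigned cost(int nr, uint32_t arch, uint64_t arg1)
{
    unsigned steps;
    decide_with_steps(nr, arch, arg1, &steps);
    return steps;
}

int main(void)
{
    printf("timer_settime: %u ops\n", cost(__NR_timer_settime, AUDIT_ARCH_X86_64, 0));
    printf("exit_group:    %u ops\n", cost(__NR_exit_group, AUDIT_ARCH_X86_64, 0));
    printf("ioctl(req):    %s\n",
           decide(__NR_ioctl, AUDIT_ARCH_X86_64, EXAMPLE_IOCTL_REQ) == SECCOMP_RET_ALLOW
           ? "allow" : "kill");
    return 0;
}
```

The evaluator is what makes the ordering argument concrete: the first whitelist entry is decided in 5 instructions, the sixth in 10, and the ioctl rule, which sits after the plain entries and loads a second word, in 13. Placing the hot KVM ioctl check before the rarely used entries, or keying it on the file descriptor in `args[0]` as the reply suggests, is a matter of moving those instructions earlier in the program.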