On Thursday, November 21, 2013 02:40:48 PM Eduardo Otubo wrote:
> On 11/21/2013 01:40 PM, Paul Moore wrote:
> > The kill() syscall is triggered with the following command:
> >
> > # qemu -sandbox on -monitor stdio \
> >     -device intel-hda -device hda-duplex -vnc :0
> >
> > The resulting syslog/audit message:
> >
> > # ausearch -m SECCOMP
> > ----
> > time->Wed Nov 20 09:52:08 2013
> > type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
> > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
> > comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
> >
> > # scmp_sys_resolver 62
> > kill
> >
> > Reported-by: CongLi <c...@redhat.com>
> > Tested-by: CongLi <c...@redhat.com>
> > Signed-off-by: Paul Moore <pmo...@redhat.com>
> > ---
> >
> >  qemu-seccomp.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/qemu-seccomp.c b/qemu-seccomp.c
> > index 69cee44..cf07869 100644
> > --- a/qemu-seccomp.c
> > +++ b/qemu-seccomp.c
> > @@ -114,6 +114,7 @@ static const struct QemuSeccompSyscall
> > seccomp_whitelist[] = {
> >      { SCMP_SYS(write), 244 },
> >      { SCMP_SYS(fcntl), 243 },
> >      { SCMP_SYS(tgkill), 242 },
> > +    { SCMP_SYS(kill), 242 },
> >      { SCMP_SYS(rt_sigaction), 242 },
> >      { SCMP_SYS(pipe2), 242 },
> >      { SCMP_SYS(munmap), 242 },
>
> ACK, Reviewed and tested.
> (I'll send a pull request tomorrow EOD)
>
> Reviewed-by: Eduardo Otubo <ot...@linux.vnet.ibm.com>
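Review bot: The commit message shows when the sandbox kills QEMU (the `-device intel-hda -device hda-duplex` case, `sig=31 syscall=62`) but not which QEMU code path issues kill() or which pid it targets; please state that in the message, because `+    { SCMP_SYS(kill), 242 },` admits kill() against any process the qemu uid may signal, whereas the neighbouring `{ SCMP_SYS(tgkill), 242 },` entry only reaches threads of the caller's own group. If the caller only ever signals its own process, an argument-restricted rule (or switching that caller to tgkill, which is already whitelisted) would keep the whitelist narrower than an unconditional kill() entry. The priority 242 is consistent with the adjacent entries, so the ordering itself looks fine.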
Ping?

-- 
paul moore
security and virtualization @ redhat
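As an added illustration (not code from the patch, from QEMU or from libseccomp), the following turns the `ausearch -m SECCOMP` record quoted in the commit message into a list of sandbox kills, resolving the syscall number with a small constructed x86_64 table that stands in for `scmp_sys_resolver`; the second sample record is made up to show a non-SECCOMP line being skipped.

```python
import re

# Constructed sample log: the SECCOMP record from the commit message above,
# followed by an unrelated (made-up) SYSCALL record that must be ignored.
SAMPLE_AUDIT = """\
type=SECCOMP msg=audit(1384912328.482:6656): auid=0 uid=0 gid=0 ses=854 \
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087 \
comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
type=SYSCALL msg=audit(1384912329.000:6657): arch=c000003e syscall=1 \
success=yes exit=3 pid=12087 comm="qemu-kvm"
"""

# x86_64 syscall numbers for the entries visible in the qemu-seccomp.c hunk.
# Constructed stand-in for `scmp_sys_resolver`; extend as needed.
X86_64_SYSCALLS = {1: "write", 11: "munmap", 13: "rt_sigaction", 62: "kill",
                   72: "fcntl", 234: "tgkill", 293: "pipe2"}

SIGSYS = 31  # signal seccomp delivers for a disallowed syscall (sig=31 above)

# key=value pairs; values are either double-quoted (comm="qemu-kvm") or bare
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit_record(line):
    """Split one audit record into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in _FIELD.findall(line)}


def seccomp_kills(log_text):
    """Return (pid, comm, syscall_name, ip) for every SECCOMP record in which
    the filter delivered SIGSYS, i.e. the sandbox killed the process."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit_record(line)
        if rec.get("type") != "SECCOMP" or int(rec.get("sig", 0)) != SIGSYS:
            continue
        num = int(rec["syscall"])
        if rec.get("compat") != "0":
            name = f"compat({num})"  # 32-bit ABI: different numbering, do not resolve
        else:
            name = X86_64_SYSCALLS.get(num, f"unknown({num})")
        hits.append((int(rec["pid"]), rec["comm"], name, rec.get("ip")))
    return hits


if __name__ == "__main__":
    for pid, comm, name, ip in seccomp_kills(SAMPLE_AUDIT):
        print(f"pid={pid} comm={comm} killed by sandbox on {name}() at ip={ip}")
```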