On Wed, Dec 17, 2014 at 03:50:09PM -0500, Paul Moore wrote:
> The "memory-backend-ram" QOM object utilizes the mbind(2) syscall to
> set the policy for a memory range. Add the syscall to the seccomp
> sandbox whitelist.
>
> Signed-off-by: Paul Moore <pmo...@redhat.com>

Tested-by: Eduardo Habkost <ehabk...@redhat.com> Reviewed-by: Eduardo Habkost <ehabk...@redhat.com> > --- > qemu-seccomp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index af6a375..b0c6269 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -235,7 +235,8 @@ static const struct QemuSeccompSyscall > seccomp_whitelist[] = { > { SCMP_SYS(fallocate), 240 }, > { SCMP_SYS(fadvise64), 240 }, > { SCMP_SYS(inotify_init1), 240 }, > - { SCMP_SYS(inotify_add_watch), 240 } > + { SCMP_SYS(inotify_add_watch), 240 }, > + { SCMP_SYS(mbind), 240 } > }; > > int seccomp_start(void) > > -- Eduardo
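
Review bot: the new `{ SCMP_SYS(mbind), 240 }` entry at the end of seccomp_whitelist[] has no comment saying why the syscall is allowed. The commit message names the "memory-backend-ram" QOM object as the caller, and a one-line comment next to the entry would keep that rationale in the source for anyone auditing the whitelist later. As a smaller style point, the new last entry is again left without a trailing comma, so the next addition will have to modify this line the same way this patch had to modify the inotify_add_watch line; ending the entry with a comma keeps future diffs to one added line.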