On 03/11/2017 at 17:01, Peter Maydell wrote:
> On 3 November 2017 at 15:52, James Cowgill <james.cowg...@mips.com> wrote:
>> On 03/11/17 14:29, Laurent Vivier wrote:
>>> I think we should allow PR_GET_SECCOMP, and at least all the modes
>>> except SECCOMP_MODE_FILTER for PR_SET_SECCOMP.
>>
>> I tried allowing SECCOMP_MODE_STRICT and made a small test program. It
>> seems that qemu is SIGKILLed when _exit is used because qemu itself
>> tries to call rt_sigprocmask which is not an allowed syscall.
>>
>> PR_GET_SECCOMP can probably be allowed. My reasoning for disabling it
>> was to match the kernel behavior for when seccomp is disabled by the
>> Kconfig option.
>
> I think I like "behave like a kernel with seccomp disabled" --
> it's a clean line that we can assume won't confuse guest programs.
> Laurent?

I agree. I didn't think about all the syscalls QEMU can do aside from the
executed program. So your solution is the good one.

Reviewed-by: Laurent Vivier <laur...@vivier.eu>

Thanks,
Laurent
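An added example, not part of the thread and not QEMU code: a small Linux C probe of the two behaviours discussed above, namely what PR_GET_SECCOMP reports and what happens to a process in SECCOMP_MODE_STRICT when one syscall outside the strict allow-list (here rt_sigprocmask, issued directly) is made on its behalf. The function names, the `outcome` enum and the child exit codes are assumptions of this example.

```c
/* Added example, not code from the thread. Linux only. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/seccomp.h>

enum outcome { KILLED = 1, SURVIVED, NO_STRICT, PROBE_ERROR };

/* Mode visible to the caller: 0 = off, 2 = filter. A kernel built without
 * CONFIG_SECCOMP returns -1 with errno set to EINVAL. */
int visible_seccomp_mode(void)
{
    return prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
}

/* Child enters strict mode, then issues rt_sigprocmask directly, standing in
 * for a syscall made by an emulator rather than by the guest program. */
enum outcome probe_strict_mode(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            _exit(3);                       /* strict mode refused */
        /* From here only read, write, _exit and sigreturn are permitted. */
        syscall(SYS_rt_sigprocmask, SIG_BLOCK, NULL, NULL, (size_t)8);
        syscall(SYS_exit, 2);               /* reached only if not enforced */
    }
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL)
        return KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 3)
        return NO_STRICT;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return SURVIVED;
    return PROBE_ERROR;
}

int main(void)
{
    static const char *names[] = { "?", "killed by SIGKILL", "survived",
                                   "strict mode unavailable", "probe error" };
    printf("PR_GET_SECCOMP -> %d\n", visible_seccomp_mode());
    printf("strict-mode child: %s\n", names[probe_strict_mode()]);
    return 0;
}
```

On a kernel built without CONFIG_SECCOMP both prctl calls fail with EINVAL, so the probe prints -1 and "strict mode unavailable"; that is the guest-visible behaviour the thread settles on.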