aboutsummaryrefslogtreecommitdiff
path: root/qemu-seccomp.c
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-01-15 14:38:58 -0500
committerEduardo Otubo <otubo@linux.vnet.ibm.com>2014-01-20 11:19:34 -0200
commit918b94e2873cd5fe8aef06d269b4a4c7d0832ce7 (patch)
tree9eb4f96592d8f900ae3a8285fd8d66e7a6e3958e /qemu-seccomp.c
parent0c2acb163fbb4579dad2d45595570b0a9ff71149 (diff)
downloadqemu-918b94e2873cd5fe8aef06d269b4a4c7d0832ce7.zip
qemu-918b94e2873cd5fe8aef06d269b4a4c7d0832ce7.tar.gz
qemu-918b94e2873cd5fe8aef06d269b4a4c7d0832ce7.tar.bz2
seccomp: add some basic shared memory syscalls to the whitelist
PulseAudio requires the use of shared memory so add shmget(), shmat(), and shmdt() to the syscall whitelist. Reported-by: xuhan@redhat.com Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'qemu-seccomp.c')
-rw-r--r--qemu-seccomp.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 89f244f..caa926e 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -222,7 +222,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(io_destroy), 241 },
{ SCMP_SYS(arch_prctl), 240 },
{ SCMP_SYS(mkdir), 240 },
- { SCMP_SYS(fchmod), 240 }
+ { SCMP_SYS(fchmod), 240 },
+ { SCMP_SYS(shmget), 240 },
+ { SCMP_SYS(shmat), 240 },
+ { SCMP_SYS(shmdt), 240 }
};
int seccomp_start(void)