david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

seccomp: add mkdir() and fchmod() to the whitelist

Browse Source 
The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on
"/run/user/<UID>/pulse" which is currently blocked by the syscall
filter; this patch adds the two missing syscalls to the whitelist.
You can reproduce this problem with the following command:

 # qemu -monitor stdio -device intel-hda -device hda-duplex

If watched under strace the following syscalls are shown:

 mkdir("/run/user/0/pulse", 0700)
 fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse]

Reported-by: xuhan@redhat.com
Signed-off-by: Paul Moore <pmoore@redhat.com>
This commit is contained in:
Paul Moore 2014-01-15 14:38:51 -05:00 committed by Eduardo Otubo
parent 1cf892ca26
commit 0c2acb163f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
qemu-seccomp.c
View File

@ -220,7 +220,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
{ SCMP_SYS(io_cancel), 241 }, { SCMP_SYS(io_cancel), 241 },
{ SCMP_SYS(io_setup), 241 }, { SCMP_SYS(io_setup), 241 },
{ SCMP_SYS(io_destroy), 241 }, { SCMP_SYS(io_destroy), 241 },
{ SCMP_SYS(arch_prctl), 240 } { SCMP_SYS(arch_prctl), 240 },
{ SCMP_SYS(mkdir), 240 },
{ SCMP_SYS(fchmod), 240 }
}; };
int seccomp_start(void) int seccomp_start(void)