seccomp: adding getrusage to the whitelist

getrusage is used in a number of places throughout the qemu codebase (notably, in crypto/pbkdf.c). Without this syscall being whitelisted, qemu ends up getting killed by the kernel whenever you try to connect to a VNC console. Signed-off-by: Brian Rak <brak@gameservers.com> Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
2016-09-21 11:09:22 +02:00 · 2016-09-21 11:09:22 +02:00 · cf9dc9e480
commit cf9dc9e480
parent a008535b9f
1 changed files with 1 additions and 0 deletions
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@ -65,6 +65,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
    { SCMP_SYS(prctl), 245 },
    { SCMP_SYS(signalfd), 245 },
    { SCMP_SYS(getrlimit), 245 },
+    { SCMP_SYS(getrusage), 245 },
    { SCMP_SYS(set_tid_address), 245 },
    { SCMP_SYS(statfs), 245 },
    { SCMP_SYS(unlink), 245 },