Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-23 Thread Eduardo Otubo



On 09/13/2013 11:45 AM, Paul Moore wrote:

On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:

On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com


Works for me.

Tested-by: Paul Moore pmo...@redhat.com


I fear this patch may have been lost in the maintainer discussion - can we
merge this fix please?


Just another poke on this patch. Poor little bug 
https://bugzilla.redhat.com/show_bug.cgi?id=1004175 is waiting for a fix.


Thanks.




---

  qemu-seccomp.c |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },

  { SCMP_SYS(geteuid), 245 },
  { SCMP_SYS(timer_create), 245 },

+{ SCMP_SYS(times), 245 },

  { SCMP_SYS(exit), 245 },
  { SCMP_SYS(clock_gettime), 245 },
  { SCMP_SYS(time), 245 },
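
Review bot: The `+{ SCMP_SYS(times), 245 },` line reuses the value 245 that every neighbouring entry in the context lines carries, and nothing in the patch says whether it was chosen for times() or simply copied. If the second field ranks how often a syscall is expected, please add a sentence to the commit message on how frequently times() is called at runtime, so the value can be checked rather than assumed.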




--
Eduardo Otubo
IBM Linux Technology Center




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-23 Thread Paul Moore
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
 On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
  This was causing Qemu process to hang when using -sandbox on.
  
  Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
  
  Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
 
 Works for me.
 
 Tested-by: Paul Moore pmo...@redhat.com

Eduardo, perhaps you should just merge this into your tree and send a pull 
request?  This fix should also go into -stable.

Acked-by: Paul Moore pmo...@redhat.com

  ---
  
   qemu-seccomp.c |1 +
   1 files changed, 1 insertions(+), 0 deletions(-)
  
  diff --git a/qemu-seccomp.c b/qemu-seccomp.c
  index 37d38f8..69cee44 100644
  --- a/qemu-seccomp.c
  +++ b/qemu-seccomp.c
  @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
  seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
  
   { SCMP_SYS(geteuid), 245 },
   { SCMP_SYS(timer_create), 245 },
  
  +{ SCMP_SYS(times), 245 },
  
   { SCMP_SYS(exit), 245 },
   { SCMP_SYS(clock_gettime), 245 },
   { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-23 Thread Anthony Liguori
On Mon, Sep 23, 2013 at 2:49 PM, Eduardo Otubo ot...@linux.vnet.ibm.com wrote:



 On 09/13/2013 11:45 AM, Paul Moore wrote:

 On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:

 On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:

 This was causing Qemu process to hang when using -sandbox on.

 Related RHBZ: 
 https://bugzilla.redhat.com/show_bug.cgi?id=1004175

 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com


 Works for me.

 Tested-by: Paul Moore pmo...@redhat.com


 I fear this patch may have been lost in the maintainer discussion - can we
 merge this fix please?


 Just another poke on this patch. Poor little bug
 https://bugzilla.redhat.com/show_bug.cgi?id=1004175 is waiting for a fix.

 Thanks.



M: Eduardo Otubo ot...@linux.vnet.ibm.com
S: Supported
F: qemu-seccomp.c
F: include/sysemu/seccomp.h

You should be sending a pull request Eduardo.

Regards,

Anthony Liguori





  ---

   qemu-seccomp.c |1 +
   1 files changed, 1 insertions(+), 0 deletions(-)

 diff --git a/qemu-seccomp.c b/qemu-seccomp.c
 index 37d38f8..69cee44 100644
 --- a/qemu-seccomp.c
 +++ b/qemu-seccomp.c
 @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
 seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },

   { SCMP_SYS(geteuid), 245 },
   { SCMP_SYS(timer_create), 245 },

 +{ SCMP_SYS(times), 245 },

   { SCMP_SYS(exit), 245 },
   { SCMP_SYS(clock_gettime), 245 },
   { SCMP_SYS(time), 245 },



 --
 Eduardo Otubo
 IBM Linux Technology Center





Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-23 Thread Eduardo Otubo



On 09/23/2013 04:53 PM, Paul Moore wrote:

On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:

On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com


Works for me.

Tested-by: Paul Moore pmo...@redhat.com


Eduardo, perhaps you should just merge this into your tree and send a pull
request?  This fix should also go into -stable.


OH you're absolutely right, I'll just do it! Thanks for the heads up, 
forgot I have special powers now.




Acked-by: Paul Moore pmo...@redhat.com


---

  qemu-seccomp.c |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },

  { SCMP_SYS(geteuid), 245 },
  { SCMP_SYS(timer_create), 245 },

+{ SCMP_SYS(times), 245 },

  { SCMP_SYS(exit), 245 },
  { SCMP_SYS(clock_gettime), 245 },
  { SCMP_SYS(time), 245 },




--
Eduardo Otubo
IBM Linux Technology Center




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-13 Thread Paul Moore
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote:
 On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
  This was causing Qemu process to hang when using -sandbox on.
  
  Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
  
  Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
 
 Works for me.
 
 Tested-by: Paul Moore pmo...@redhat.com

I fear this patch may have been lost in the maintainer discussion - can we 
merge this fix please?

  ---
  
   qemu-seccomp.c |1 +
   1 files changed, 1 insertions(+), 0 deletions(-)
  
  diff --git a/qemu-seccomp.c b/qemu-seccomp.c
  index 37d38f8..69cee44 100644
  --- a/qemu-seccomp.c
  +++ b/qemu-seccomp.c
  @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
  seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 },
  
   { SCMP_SYS(geteuid), 245 },
   { SCMP_SYS(timer_create), 245 },
  
  +{ SCMP_SYS(times), 245 },
  
   { SCMP_SYS(exit), 245 },
   { SCMP_SYS(clock_gettime), 245 },
   { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-09 Thread Paolo Bonzini
On 06/09/2013 20:41, Eduardo Otubo wrote:
 Hello,
 
 Any chance to get this patch applied?
 
 Thanks!

Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?

Paolo

 On 09/04/2013 11:11 AM, Paul Moore wrote:
 On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
 This was causing Qemu process to hang when using -sandbox on.

 Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com

 Works for me.

 Tested-by: Paul Moore pmo...@redhat.com

 ---
   qemu-seccomp.c |1 +
   1 files changed, 1 insertions(+), 0 deletions(-)

 diff --git a/qemu-seccomp.c b/qemu-seccomp.c
 index 37d38f8..69cee44 100644
 --- a/qemu-seccomp.c
 +++ b/qemu-seccomp.c
 @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
 seccomp_whitelist[]
 = { { SCMP_SYS(getuid), 245 },
   { SCMP_SYS(geteuid), 245 },
   { SCMP_SYS(timer_create), 245 },
 +{ SCMP_SYS(times), 245 },
   { SCMP_SYS(exit), 245 },
   { SCMP_SYS(clock_gettime), 245 },
   { SCMP_SYS(time), 245 },

 




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-09 Thread Paul Moore
On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:
 On 06/09/2013 20:41, Eduardo Otubo wrote:
  Hello,
  
  Any chance to get this patch applied?
  
  Thanks!
 
 Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?
 
 Paolo

Out of respect for the work that Eduardo has done, and is continuing to do, 
with the QEMU seccomp filtering, I think Eduardo should be the one to take on 
this role.  If Eduardo declines I'll go ahead and submit a patch adding myself 
to the MAINTAINERS file.

  On 09/04/2013 11:11 AM, Paul Moore wrote:
  On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
  This was causing Qemu process to hang when using -sandbox on.
  
  Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
  
  Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
  
  Works for me.
  
  Tested-by: Paul Moore pmo...@redhat.com
  
  ---
  
qemu-seccomp.c |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
  
  diff --git a/qemu-seccomp.c b/qemu-seccomp.c
  index 37d38f8..69cee44 100644
  --- a/qemu-seccomp.c
  +++ b/qemu-seccomp.c
  @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
  seccomp_whitelist[]
  = { { SCMP_SYS(getuid), 245 },
  
{ SCMP_SYS(geteuid), 245 },
{ SCMP_SYS(timer_create), 245 },
  
  +{ SCMP_SYS(times), 245 },
  
{ SCMP_SYS(exit), 245 },
{ SCMP_SYS(clock_gettime), 245 },
{ SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-09 Thread Eduardo Otubo



On 09/09/2013 09:36 AM, Paul Moore wrote:

On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote:

On 06/09/2013 20:41, Eduardo Otubo wrote:

Hello,

 Any chance to get this patch applied?

Thanks!


Paul, perhaps you can add yourself to MAINTAINERS and send a pull request?

Paolo


Out of respect for the work that Eduardo has done, and is continuing to do,
with the QEMU seccomp filtering, I think Eduardo should be the one to take on
this role.  If Eduardo declines I'll go ahead and submit a patch adding myself
to the MAINTAINERS file.


If this is ok for everyone, I would be really glad to take this role to 
myself. Paul, thanks for this vote of confidence. Paolo, should I send a 
patch for MAINTAINERS right away?


Regards,




On 09/04/2013 11:11 AM, Paul Moore wrote:

On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com


Works for me.

Tested-by: Paul Moore pmo...@redhat.com


---

   qemu-seccomp.c |1 +
   1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall
seccomp_whitelist[]
= { { SCMP_SYS(getuid), 245 },

   { SCMP_SYS(geteuid), 245 },
   { SCMP_SYS(timer_create), 245 },

+{ SCMP_SYS(times), 245 },

   { SCMP_SYS(exit), 245 },
   { SCMP_SYS(clock_gettime), 245 },
   { SCMP_SYS(time), 245 },




--
Eduardo Otubo
IBM Linux Technology Center




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-06 Thread Eduardo Otubo

Hello,

Any chance to get this patch applied?

Thanks!

On 09/04/2013 11:11 AM, Paul Moore wrote:

On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com


Works for me.

Tested-by: Paul Moore pmo...@redhat.com


---
  qemu-seccomp.c |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
= { { SCMP_SYS(getuid), 245 },
  { SCMP_SYS(geteuid), 245 },
  { SCMP_SYS(timer_create), 245 },
+{ SCMP_SYS(times), 245 },
  { SCMP_SYS(exit), 245 },
  { SCMP_SYS(clock_gettime), 245 },
  { SCMP_SYS(time), 245 },




--
Eduardo Otubo
IBM Linux Technology Center




[Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-04 Thread Eduardo Otubo
This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
 qemu-seccomp.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 { SCMP_SYS(getuid), 245 },
 { SCMP_SYS(geteuid), 245 },
 { SCMP_SYS(timer_create), 245 },
+{ SCMP_SYS(times), 245 },
 { SCMP_SYS(exit), 245 },
 { SCMP_SYS(clock_gettime), 245 },
 { SCMP_SYS(time), 245 },
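
Review bot: The added `{ SCMP_SYS(times), 245 },` entry goes in with no record of which QEMU code path ends up calling times(); the commit message only says the process hung with -sandbox on and points at the RHBZ. Please name the caller in the commit message, or in a short comment beside the entry, so that anyone auditing seccomp_whitelist[] later can tell why the syscall is allowed and whether the entry is still needed.
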
-- 
1.7.1




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-04 Thread Corey Bryant



On 09/04/2013 08:25 AM, Eduardo Otubo wrote:

This was causing Qemu process to hang when using -sandbox on.

Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175

Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com
---
  qemu-seccomp.c |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 37d38f8..69cee44 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
  { SCMP_SYS(getuid), 245 },
  { SCMP_SYS(geteuid), 245 },
  { SCMP_SYS(timer_create), 245 },
+{ SCMP_SYS(times), 245 },
  { SCMP_SYS(exit), 245 },
  { SCMP_SYS(clock_gettime), 245 },
  { SCMP_SYS(time), 245 },



Reviewed-by: Corey Bryant cor...@linux.vnet.ibm.com

--
Regards,
Corey Bryant




Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist

2013-09-04 Thread Paul Moore
On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote:
 This was causing Qemu process to hang when using -sandbox on.
 
 Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175
 
 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com

Works for me.

Tested-by: Paul Moore pmo...@redhat.com

 ---
  qemu-seccomp.c |1 +
  1 files changed, 1 insertions(+), 0 deletions(-)
 
 diff --git a/qemu-seccomp.c b/qemu-seccomp.c
 index 37d38f8..69cee44 100644
 --- a/qemu-seccomp.c
 +++ b/qemu-seccomp.c
 @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[]
 = { { SCMP_SYS(getuid), 245 },
  { SCMP_SYS(geteuid), 245 },
  { SCMP_SYS(timer_create), 245 },
 +{ SCMP_SYS(times), 245 },
  { SCMP_SYS(exit), 245 },
  { SCMP_SYS(clock_gettime), 245 },
  { SCMP_SYS(time), 245 },

-- 
paul moore
security and virtualization @ redhat