Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On 09/13/2013 11:45 AM, Paul Moore wrote: On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com I fear this patch may have been lost in the maintainer discussion - can we merge this fix please? Just another poke on this patch. Poor little bug https://bugzilla.redhat.com/show_bug.cgi?id=1004175 is waiting for a fix. Thanks. --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- Eduardo Otubo IBM Linux Technology Center
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com Eduardo, perhaps you should just merge this into your tree and send a pull request? This fix should also go into -stable. Acked-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- paul moore security and virtualization @ redhat
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On Mon, Sep 23, 2013 at 2:49 PM, Eduardo Otubo ot...@linux.vnet.ibm.comwrote: On 09/13/2013 11:45 AM, Paul Moore wrote: On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/**show_bug.cgi?id=1004175https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com I fear this patch may have been lost in the maintainer discussion - can we merge this fix please? Just another poke on this patch. Poor little bug https://bugzilla.redhat.com/**show_bug.cgi?id=1004175https://bugzilla.redhat.com/show_bug.cgi?id=1004175is waiting for a fix. Thanks. M: Eduardo Otubo ot...@linux.vnet.ibm.com S: Supported F: qemu-seccomp.c F: include/sysemu/seccomp.h You should be sending a pull request Eduardo. Regards, Anthony Liguori --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- Eduardo Otubo IBM Linux Technology Center
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On 09/23/2013 04:53 PM, Paul Moore wrote: On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com Eduardo, perhaps you should just merge this into your tree and send a pull request? This fix should also go into -stable. OH you're absolutely right, I'll just do it! Thanks for the heads up, forgot I have special powers now. Acked-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- Eduardo Otubo IBM Linux Technology Center
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On Wednesday, September 04, 2013 10:11:10 AM Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com I fear this patch may have been lost in the maintainer discussion - can we merge this fix please? --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- paul moore security and virtualization @ redhat
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
Il 06/09/2013 20:41, Eduardo Otubo ha scritto: Hello, Any chance to get this patch applied? Thanks! Paul, perhaps you can add yourself to MAINTAINERS and send a pull request? Paolo On 09/04/2013 11:11 AM, Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 },
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote: Il 06/09/2013 20:41, Eduardo Otubo ha scritto: Hello, Any chance to get this patch applied? Thanks! Paul, perhaps you can add yourself to MAINTAINERS and send a pull request? Paolo Out of respect for the work that Eduardo has done, and is continuing to do, with the QEMU seccomp filtering, I think Eduardo should be the one to take on this role. If Eduardo declines I'll do ahead and submit a patch adding myself to the MAINTAINERS file. On 09/04/2013 11:11 AM, Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- paul moore security and virtualization @ redhat
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On 09/09/2013 09:36 AM, Paul Moore wrote: On Monday, September 09, 2013 12:38:12 PM Paolo Bonzini wrote: Il 06/09/2013 20:41, Eduardo Otubo ha scritto: Hello, Any chance to get this patch applied? Thanks! Paul, perhaps you can add yourself to MAINTAINERS and send a pull request? Paolo Out of respect for the work that Eduardo has done, and is continuing to do, with the QEMU seccomp filtering, I think Eduardo should be the one to take on this role. If Eduardo declines I'll do ahead and submit a patch adding myself to the MAINTAINERS file. If this is ok for everyone, I would be really glad to take this role to myself. Paul, thanks for this vote of confidence. Paolo, should I send a patch for MAINTAINERS right away? Regards, On 09/04/2013 11:11 AM, Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- Eduardo Otubo IBM Linux Technology Center
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
Hello, Any chance to get this patch applied? Thanks! On 09/04/2013 11:11 AM, Paul Moore wrote: On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- Eduardo Otubo IBM Linux Technology Center
[Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- 1.7.1
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On 09/04/2013 08:25 AM, Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, Reviewed-by: Corey Bryant cor...@linux.vnet.ibm.com -- Regards, Corey Bryant
Re: [Qemu-devel] [PATCH] seccomp: adding times() to the whitelist
On Wednesday, September 04, 2013 09:25:08 AM Eduardo Otubo wrote: This was causing Qemu process to hang when using -sandbox on. Related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 Signed-off-by: Eduardo Otubo ot...@linux.vnet.ibm.com Works for me. Tested-by: Paul Moore pmo...@redhat.com --- qemu-seccomp.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 37d38f8..69cee44 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -90,6 +90,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(getuid), 245 }, { SCMP_SYS(geteuid), 245 }, { SCMP_SYS(timer_create), 245 }, +{ SCMP_SYS(times), 245 }, { SCMP_SYS(exit), 245 }, { SCMP_SYS(clock_gettime), 245 }, { SCMP_SYS(time), 245 }, -- paul moore security and virtualization @ redhat