Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On Wed, 27 Mar 2019 at 12:16, Eduardo Otubo wrote: > > The following changes since commit 49fc899f8d673dd9e73f3db0d9e9ea60b77c331b: > > Update version for v4.0.0-rc1 release (2019-03-26 17:02:29 +) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20190327 > > for you to fetch changes up to 035121d23abcafcc2f346627d48132073d2e71d7: > > seccomp: report more useful errors from seccomp (2019-03-27 13:11:38 +0100) > > > pull-seccomp-20190327 > > > Daniel P. Berrangé (2): > seccomp: don't kill process for resource control syscalls > seccomp: report more useful errors from seccomp > > qemu-seccomp.c | 52 ++-- > 1 file changed, 38 insertions(+), 14 deletions(-) > Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0 for any user-visible changes. -- PMM
[Qemu-devel] [PULL 0/2] seccomp branch queue
The following changes since commit 49fc899f8d673dd9e73f3db0d9e9ea60b77c331b: Update version for v4.0.0-rc1 release (2019-03-26 17:02:29 +) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20190327 for you to fetch changes up to 035121d23abcafcc2f346627d48132073d2e71d7: seccomp: report more useful errors from seccomp (2019-03-27 13:11:38 +0100) pull-seccomp-20190327 Daniel P. Berrangé (2): seccomp: don't kill process for resource control syscalls seccomp: report more useful errors from seccomp qemu-seccomp.c | 52 ++-- 1 file changed, 38 insertions(+), 14 deletions(-) -- 2.17.2
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On Wed, 27 Mar 2019 at 09:59, Eduardo Otubo wrote: > > The following changes since commit 49fc899f8d673dd9e73f3db0d9e9ea60b77c331b: > > Update version for v4.0.0-rc1 release (2019-03-26 17:02:29 +) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20190327 > > for you to fetch changes up to 9d6951a9463e0fb8d39cc546f9c37756aed5b19d: > > seccomp: report more useful errors from seccomp (2019-03-27 10:55:13 +0100) > > > pull-seccomp-20190327 > > > Daniel P. Berrangé (2): > seccomp: don't kill process for resource control syscalls > seccomp: report more useful errors from seccomp As Daniel points out, you've forgotten your signed-off-by line as the maintainer here -- could you fix up and resend, please? thanks -- PMM
[Qemu-devel] [PULL 0/2] seccomp branch queue
The following changes since commit 49fc899f8d673dd9e73f3db0d9e9ea60b77c331b: Update version for v4.0.0-rc1 release (2019-03-26 17:02:29 +) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20190327 for you to fetch changes up to 9d6951a9463e0fb8d39cc546f9c37756aed5b19d: seccomp: report more useful errors from seccomp (2019-03-27 10:55:13 +0100) pull-seccomp-20190327 Daniel P. Berrangé (2): seccomp: don't kill process for resource control syscalls seccomp: report more useful errors from seccomp qemu-seccomp.c | 52 ++-- 1 file changed, 38 insertions(+), 14 deletions(-) -- 2.17.2
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
H On Thu, Jul 26, 2018 at 2:04 PM, Eduardo Otubo wrote: > On 26/07/2018 - 11:47:46, Peter Maydell wrote: >> On 25 July 2018 at 15:16, Eduardo Otubo wrote: >> > The following changes since commit >> > 18a398f6a39df4b08ff86ac0d38384193ca5f4cc: >> > >> > Update version for v3.0.0-rc2 release (2018-07-24 22:06:31 +0100) >> > >> > are available in the Git repository at: >> > >> > https://github.com/otubo/qemu.git tags/pull-seccomp-20180725 >> > >> > for you to fetch changes up to 5b2f59307372bae13a2ff95706646674eccb65e0: >> > >> > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available (2018-07-25 >> > 16:07:31 +0200) >> > >> > >> > pull-seccomp-20180725 >> > >> > >> > Marc-André Lureau (2): >> > seccomp: use SIGSYS signal instead of killing the thread >> > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available >> >> Hi. This fails to compile with clang: >> >> CC qemu-seccomp.o >> qemu-seccomp.c:112:1: error: unused function 'qemu_seccomp' >> [-Werror,-Wunused-function] >> qemu_seccomp(unsigned int operation, unsigned int flags, void *args) >> ^ >> >> This is because clang is stricter about warning about static inline >> functions defined in .c files but never used and your ifdef >> guard on the callsite is not matched by one around the function >> definition. >> > > Peter, sorry for not catching that before. > Marc, can you fix and resend? I suggest to drop that patch from 3.0. Since it will require a newer libseccomp to be actually useful, it can be delayed imho. -- Marc-André Lureau
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
Hi On Thu, Jul 26, 2018 at 12:47 PM, Peter Maydell wrote: > On 25 July 2018 at 15:16, Eduardo Otubo wrote: >> The following changes since commit 18a398f6a39df4b08ff86ac0d38384193ca5f4cc: >> >> Update version for v3.0.0-rc2 release (2018-07-24 22:06:31 +0100) >> >> are available in the Git repository at: >> >> https://github.com/otubo/qemu.git tags/pull-seccomp-20180725 >> >> for you to fetch changes up to 5b2f59307372bae13a2ff95706646674eccb65e0: >> >> RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available (2018-07-25 >> 16:07:31 +0200) >> >> >> pull-seccomp-20180725 >> >> >> Marc-André Lureau (2): >> seccomp: use SIGSYS signal instead of killing the thread >> RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available > > Hi. This fails to compile with clang: > > CC qemu-seccomp.o > qemu-seccomp.c:112:1: error: unused function 'qemu_seccomp' > [-Werror,-Wunused-function] > qemu_seccomp(unsigned int operation, unsigned int flags, void *args) > ^ > > This is because clang is stricter about warning about static inline > functions defined in .c files but never used and your ifdef > guard on the callsite is not matched by one around the function > definition. > https://lkml.org/lkml/2017/6/6/631 ;) -- Marc-André Lureau
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On 26/07/2018 - 11:47:46, Peter Maydell wrote: > On 25 July 2018 at 15:16, Eduardo Otubo wrote: > > The following changes since commit 18a398f6a39df4b08ff86ac0d38384193ca5f4cc: > > > > Update version for v3.0.0-rc2 release (2018-07-24 22:06:31 +0100) > > > > are available in the Git repository at: > > > > https://github.com/otubo/qemu.git tags/pull-seccomp-20180725 > > > > for you to fetch changes up to 5b2f59307372bae13a2ff95706646674eccb65e0: > > > > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available (2018-07-25 > > 16:07:31 +0200) > > > > > > pull-seccomp-20180725 > > > > > > Marc-André Lureau (2): > > seccomp: use SIGSYS signal instead of killing the thread > > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available > > Hi. This fails to compile with clang: > > CC qemu-seccomp.o > qemu-seccomp.c:112:1: error: unused function 'qemu_seccomp' > [-Werror,-Wunused-function] > qemu_seccomp(unsigned int operation, unsigned int flags, void *args) > ^ > > This is because clang is stricter about warning about static inline > functions defined in .c files but never used and your ifdef > guard on the callsite is not matched by one around the function > definition. > Peter, sorry for not catching that before. Marc, can you fix and resend? -- Eduardo Otubo signature.asc Description: PGP signature
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On 25 July 2018 at 15:16, Eduardo Otubo wrote: > The following changes since commit 18a398f6a39df4b08ff86ac0d38384193ca5f4cc: > > Update version for v3.0.0-rc2 release (2018-07-24 22:06:31 +0100) > > are available in the Git repository at: > > https://github.com/otubo/qemu.git tags/pull-seccomp-20180725 > > for you to fetch changes up to 5b2f59307372bae13a2ff95706646674eccb65e0: > > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available (2018-07-25 > 16:07:31 +0200) > > > pull-seccomp-20180725 > > > Marc-André Lureau (2): > seccomp: use SIGSYS signal instead of killing the thread > RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available Hi. This fails to compile with clang: CC qemu-seccomp.o qemu-seccomp.c:112:1: error: unused function 'qemu_seccomp' [-Werror,-Wunused-function] qemu_seccomp(unsigned int operation, unsigned int flags, void *args) ^ This is because clang is stricter about warning about static inline functions defined in .c files but never used and your ifdef guard on the callsite is not matched by one around the function definition. thanks -- PMM
[Qemu-devel] [PULL 0/2] seccomp branch queue
The following changes since commit 18a398f6a39df4b08ff86ac0d38384193ca5f4cc: Update version for v3.0.0-rc2 release (2018-07-24 22:06:31 +0100) are available in the Git repository at: https://github.com/otubo/qemu.git tags/pull-seccomp-20180725 for you to fetch changes up to 5b2f59307372bae13a2ff95706646674eccb65e0: RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available (2018-07-25 16:07:31 +0200) pull-seccomp-20180725 Marc-André Lureau (2): seccomp: use SIGSYS signal instead of killing the thread RFC: seccomp: prefer SCMP_ACT_KILL_PROCESS if available qemu-seccomp.c | 30 +- 1 file changed, 29 insertions(+), 1 deletion(-) -- 2.17.1
[Qemu-devel] [PULL 0/2] seccomp branch queue
Hi, This is the seccomp branch queue with fixes regarding a build crach on armv7l and adding new syscalls to the whitelist. Details below. The following changes since commit 6e76d125f244e10676b917208f2a074729820246: Update version for v2.2.0-rc0 release (2014-11-05 15:21:04 +) are available in the git repository at: git://github.com/otubo/qemu.git tags/pull-seccomp-2014 for you to fetch changes up to 4cc47f8b3cc4f32586ba2f7fce1dc267da774a69: seccomp: change configure to avoid arm 32 to break (2014-11-11 17:05:21 +0100) seccomp: change configure to avoid arm 32 to break seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Eduardo Otubo (1): seccomp: change configure to avoid arm 32 to break Philipp Gesang (1): seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() configure | 3 ++- qemu-seccomp.c | 6 +- 2 files changed, 7 insertions(+), 2 deletions(-) Eduardo Otubo (1): seccomp: change configure to avoid arm 32 to break Philipp Gesang (1): seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() configure | 3 ++- qemu-seccomp.c | 6 +- 2 files changed, 7 insertions(+), 2 deletions(-) -- 1.9.1
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On Mon, Nov 10, 2014 at 08:50:07PM +, Peter Maydell wrote: On 10 November 2014 14:21, Eduardo Otubo eduardo.ot...@profitbricks.com wrote: Hi, This is the seccomp branch queue with fixes regarding a build crach on armv7l and adding new syscalls to the whitelist. Details below. The following changes since commit 6e76d125f244e10676b917208f2a074729820246: Update version for v2.2.0-rc0 release (2014-11-05 15:21:04 +) are available in the git repository at: git://github.com/otubo/qemu.git tags/pull-seccomp-20141110 for you to fetch changes up to f5c76d3eb66a63604d9d8b47ce94268f9babea10: seccomp: change configure to avoid arm 32 to break (2014-11-07 16:42:18 +0100) seccomp: change configure to avoid arm 32 to break seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Eduardo Otubo (1): seccomp: change configure to avoid arm 32 to break Philipp Gesang (1): seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Hi. I'm afraid I'm going to have to ask you to respin this, because the patches are missing various reviewed-by/signed-off etc tags. Firstly, and least critically, the configure patch should have the reviewed-by and acked-by tags that people have posted on the mailing list for it; it's useful to keep a permanent record of these in the commit history (for instance it can give a good idea of who to cc if a change turns out to have a bug in future). More significantly, the patch from Philipp is missing a Signed-off-by: line from you. Every commit in a pullreq should have a signed-off-by: from the submaintainer(s) of the tree that's being pulled, because it represents your assertion that these changes are good to go into QEMU without further checking. My apologies! I was so worried about the key and tagging being set properly on my branch that those lines completely passed from my review. I resent the pull request with everything double-checked. I hope everything is 0K now. Sorry to have to be picky about this. The good news is, your signed tag seems OK. You should make sure you've pushed your public key out to the public keyservers if you haven't already (gpg --send-keys 12F8BD2F) since it's not currently visible there [there is a lag of a day or two though so if you've sent it out recently it's probably just in that delay.] I just pushed my key to the public server. So it might take a while to appear as valid. Thanks for the help on this, and sorry again for the lapses. Regards, -- Eduardo Otubo ProfitBricks GmbH
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On 11 November 2014 16:21, Eduardo Otubo eduardo.ot...@profitbricks.com wrote: Hi, This is the seccomp branch queue with fixes regarding a build crach on armv7l and adding new syscalls to the whitelist. Details below. The following changes since commit 6e76d125f244e10676b917208f2a074729820246: Update version for v2.2.0-rc0 release (2014-11-05 15:21:04 +) are available in the git repository at: git://github.com/otubo/qemu.git tags/pull-seccomp-2014 for you to fetch changes up to 4cc47f8b3cc4f32586ba2f7fce1dc267da774a69: seccomp: change configure to avoid arm 32 to break (2014-11-11 17:05:21 +0100) seccomp: change configure to avoid arm 32 to break seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Applied, thanks. -- PMM
[Qemu-devel] [PULL 0/2] seccomp branch queue
Hi, This is the seccomp branch queue with fixes regarding a build crach on armv7l and adding new syscalls to the whitelist. Details below. The following changes since commit 6e76d125f244e10676b917208f2a074729820246: Update version for v2.2.0-rc0 release (2014-11-05 15:21:04 +) are available in the git repository at: git://github.com/otubo/qemu.git tags/pull-seccomp-20141110 for you to fetch changes up to f5c76d3eb66a63604d9d8b47ce94268f9babea10: seccomp: change configure to avoid arm 32 to break (2014-11-07 16:42:18 +0100) seccomp: change configure to avoid arm 32 to break seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Eduardo Otubo (1): seccomp: change configure to avoid arm 32 to break Philipp Gesang (1): seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() configure | 3 ++- qemu-seccomp.c | 6 +- 2 files changed, 7 insertions(+), 2 deletions(-) -- 1.9.1
Re: [Qemu-devel] [PULL 0/2] seccomp branch queue
On 10 November 2014 14:21, Eduardo Otubo eduardo.ot...@profitbricks.com wrote: Hi, This is the seccomp branch queue with fixes regarding a build crach on armv7l and adding new syscalls to the whitelist. Details below. The following changes since commit 6e76d125f244e10676b917208f2a074729820246: Update version for v2.2.0-rc0 release (2014-11-05 15:21:04 +) are available in the git repository at: git://github.com/otubo/qemu.git tags/pull-seccomp-20141110 for you to fetch changes up to f5c76d3eb66a63604d9d8b47ce94268f9babea10: seccomp: change configure to avoid arm 32 to break (2014-11-07 16:42:18 +0100) seccomp: change configure to avoid arm 32 to break seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Eduardo Otubo (1): seccomp: change configure to avoid arm 32 to break Philipp Gesang (1): seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch() Hi. I'm afraid I'm going to have to ask you to respin this, because the patches are missing various reviewed-by/signed-off etc tags. Firstly, and least critically, the configure patch should have the reviewed-by and acked-by tags that people have posted on the mailing list for it; it's useful to keep a permanent record of these in the commit history (for instance it can give a good idea of who to cc if a change turns out to have a bug in future). More significantly, the patch from Philipp is missing a Signed-off-by: line from you. Every commit in a pullreq should have a signed-off-by: from the submaintainer(s) of the tree that's being pulled, because it represents your assertion that these changes are good to go into QEMU without further checking. Sorry to have to be picky about this. The good news is, your signed tag seems OK. You should make sure you've pushed your public key out to the public keyservers if you haven't already (gpg --send-keys 12F8BD2F) since it's not currently visible there [there is a lag of a day or two though so if you've sent it out recently it's probably just in that delay.] thanks -- PMM