These patches enable seccomp sandboxing on MIPS. libseccomp has supported MIPS since 2.2.0, but cacheflush isn't included in the whitelist until libseccomp 2.2.3, since that's when it was enabled for ARM. The first patch fixes that so that it will work with MIPS right back to 2.2.0.

Finally, the second patch enables seccomp in the configure script for MIPS since libseccomp 2.2.0.

Incidentally, when cacheflush(2) was being used prior to it appearing in the whitelist, I noticed that only a single thread was being killed by SCMP_ACT_KILL (which the man page also confirms) rather than the whole process, simply resulting in a lockup and making it tricky to debug, since it wasn't immediately obvious what had happened (the same thing can be made to happen on x86 if e.g. the read syscall is disallowed). Should we be using the apparently more helpful SCMP_ACT_TRAP instead of SCMP_ACT_KILL, or is that considered less secure? It would seem preferable if we could kill the whole process in a recognisable way instead of hanging it.

Changes in v2:
- Added Peter's comment in patch 1.

James Hogan (2):
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS

 configure      | 3 +++
 qemu-seccomp.c | 8 +++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

-- 
2.4.10
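An added example, not part of this series or of QEMU, showing the SCMP_ACT_TRAP behaviour raised above with a raw seccomp-bpf filter and no libseccomp dependency: the refused call arrives as a SIGSYS whose siginfo names the syscall, so the violation can be logged, instead of a bare kill that takes out only the calling thread and leaves the rest hung. getppid(2) is chosen purely as a harmless syscall to trap, and the seccomp_data.arch check a real filter needs is left out for brevity.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
static volatile sig_atomic_t trapped_nr = -1;
/* SIGSYS handler: SECCOMP_RET_TRAP delivers a thread-directed SIGSYS whose
 * siginfo carries the refused syscall number, so it can be reported. */
static void on_sigsys(int sig, siginfo_t *info, void *uctx)
{
    (void)sig; (void)uctx;
    trapped_nr = info->si_syscall;
}
/* Install a filter that traps syscall `nr` and allows everything else
 * (a production filter must check seccomp_data.arch first). 0 on success. */
int install_trap_filter(int nr)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),   /* matched: SIGSYS */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* anything else */
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof filter / sizeof filter[0]),
        .filter = filter,
    };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSYS, &sa, NULL) < 0)
        return -1;
    /* Needed so an unprivileged process may load a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) < 0 ? -1 : 0;
}
/* Trigger the trapped call: getppid() fails with ENOSYS, the handler
 * records SYS_getppid, and the process keeps running. */
int trapped_syscall_nr(void)
{
    trapped_nr = -1;
    (void)getppid();
    return (int)trapped_nr;
}
```

Kernels from 4.14 also offer SECCOMP_RET_KILL_PROCESS (SCMP_ACT_KILL_PROCESS in later libseccomp), which kills the whole process rather than one thread and so avoids the lockup described above.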