seccomp: adding sysinfo system call to whitelist

Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call
so qemu using rbd image hang after start when run in sandbox mode.

To allow using rbd images in sandbox mode we have to whitelist it.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Acked-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 138ee022a8fe32f110cb19a7a4c9b099e7536466..cb569dc05829ff3c877f3274b44f5aab6d25986a 100644 (file)
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -252,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 #ifdef HAVE_CACHEFLUSH
     { SCMP_SYS(cacheflush), 240 },
 #endif
+    { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)