seccomp: add some basic shared memory syscalls to the whitelist

author Paul Moore <pmoore@redhat.com>

Wed, 15 Jan 2014 19:38:58 +0000 (14:38 -0500)

committer Eduardo Otubo <otubo@linux.vnet.ibm.com>

Mon, 20 Jan 2014 13:19:34 +0000 (11:19 -0200)
author Paul Moore <pmoore@redhat.com>
Wed, 15 Jan 2014 19:38:58 +0000 (14:38 -0500)
committer Eduardo Otubo <otubo@linux.vnet.ibm.com>
Mon, 20 Jan 2014 13:19:34 +0000 (11:19 -0200)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c

index 89f244fcb2d775b34024dd456bf9ade85d8f058b..caa926ebf2d81d4d265ef0fe4067fdfa93061580 100644 (file)
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -222,7 +222,10 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
      { SCMP_SYS(io_destroy), 241 },
      { SCMP_SYS(arch_prctl), 240 },
      { SCMP_SYS(mkdir), 240 },
-    { SCMP_SYS(fchmod), 240 }
+    { SCMP_SYS(fchmod), 240 },
+    { SCMP_SYS(shmget), 240 },
+    { SCMP_SYS(shmat), 240 },
+    { SCMP_SYS(shmdt), 240 }
  };
  
  int seccomp_start(void)
author	Paul Moore <pmoore@redhat.com>
	Wed, 15 Jan 2014 19:38:58 +0000 (14:38 -0500)
committer	Eduardo Otubo <otubo@linux.vnet.ibm.com>
	Mon, 20 Jan 2014 13:19:34 +0000 (11:19 -0200)