The kill() syscall is triggered with the following command:
# qemu -sandbox on -monitor stdio \
-device intel-hda -device hda-duplex -vnc :0
The resulting syslog/audit message:
# ausearch -m SECCOMP
----
time->Wed Nov 20 09:52:08 2013
type=SECCOMP msg=audit(
1384912328.482:6656): auid=0 uid=0 gid=0 ses=854
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=12087
comm="qemu-kvm" sig=31 syscall=62 compat=0 ip=0x7f7a1d2abc67 code=0x0
# scmp_sys_resolver 62
kill
Reported-by: CongLi <coli@redhat.com>
Tested-by: CongLi <coli@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
{ SCMP_SYS(write), 244 },
{ SCMP_SYS(fcntl), 243 },
{ SCMP_SYS(tgkill), 242 },
+ { SCMP_SYS(kill), 242 },
{ SCMP_SYS(rt_sigaction), 242 },
{ SCMP_SYS(pipe2), 242 },
{ SCMP_SYS(munmap), 242 },
projects / qemu.git / commitdiff