From: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Date: Fri, 9 Oct 2015 15:17:41 +0000 (+0200)
Subject: seccomp: add memfd_create to whitelist
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=f8d82b8eb81d3ea29325b4046fafa8ed41e32449;p=qemu.git

seccomp: add memfd_create to whitelist

This is used by memfd code.

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
---

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index f9de0d3390..80d034a8d5 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -237,7 +237,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(fadvise64), 240 },
     { SCMP_SYS(inotify_init1), 240 },
     { SCMP_SYS(inotify_add_watch), 240 },
-    { SCMP_SYS(mbind), 240 }
+    { SCMP_SYS(mbind), 240 },
+    { SCMP_SYS(memfd_create), 240 }
 };
 
 int seccomp_start(void)