From 8e08f8a4a7f613af65b29fcc3ac3bfc2a08a3343 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Mon, 7 Mar 2016 10:34:46 +0100 Subject: [PATCH] seccomp: adding sysinfo system call to whitelist Newer version of nss-softokn libraries (> 3.16.2.3) use sysinfo call so qemu using rbd image hang after start when run in sandbox mode. To allow using rbd images in sandbox mode we have to whitelist it. Signed-off-by: Miroslav Rezanina Acked-by: Eduardo Otubo --- qemu-seccomp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 138ee022a8..cb569dc058 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -252,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { #ifdef HAVE_CACHEFLUSH { SCMP_SYS(cacheflush), 240 }, #endif + { SCMP_SYS(sysinfo), 240 }, }; int seccomp_start(void) -- GitLab