Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20160416' into staging

seccomp branch queue

# gpg: Signature made Sat 16 Apr 2016 19:58:46 BST using RSA key ID 12F8BD2F
# gpg: Good signature from "Eduardo Otubo (Software Engineer @ ProfitBricks) <eduardo.otubo@profitbricks.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1C96 46B6 E1D1 C38A F2EC  3FDE FD0C FF5B 12F8 BD2F

* remotes/otubo/tags/pull-seccomp-20160416:
  seccomp: adding sysinfo system call to whitelist
  seccomp: Whitelist cacheflush since 2.2.0 not 2.2.3
  configure: Enable seccomp sandbox for MIPS
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

configure

@@ -1872,6 +1872,9 @@ if test "$seccomp" != "no" ; then
     i386|x86_64)
         libseccomp_minver="2.1.0"
         ;;
+    mips)
+        libseccomp_minver="2.2.0"
+        ;;
     arm|aarch64)
         libseccomp_minver="2.2.3"
         ;;

qemu-seccomp.c

@@ -16,11 +16,13 @@
 #include <seccomp.h>
 #include "sysemu/seccomp.h"
 
+/* For some architectures (notably ARM) cacheflush is not supported until
+ * libseccomp 2.2.3, but configure enforces that we are using a more recent
+ * version on those hosts, so it is OK for this check to be less strict.
+ */
 #if SCMP_VER_MAJOR >= 3
   #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
-  #define HAVE_CACHEFLUSH
-#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR == 2 && SCMP_VER_MICRO >= 3
+#elif SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 2
   #define HAVE_CACHEFLUSH
 #endif
 
@@ -250,6 +252,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
 #ifdef HAVE_CACHEFLUSH
     { SCMP_SYS(cacheflush), 240 },
 #endif
+    { SCMP_SYS(sysinfo), 240 },
 };
 
 int seccomp_start(void)