Message ID | 20140115193851.10562.6284.stgit@localhost |
---|---|
State | New |
I have tested and reviewed both patches. And if nothing more comes up, I'll send a pull request by tomorrow EOD. On 01/15/2014 05:38 PM, Paul Moore wrote: > The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on > "/run/user/<UID>/pulse" which is currently blocked by the syscall > filter; this patch adds the two missing syscalls to the whitelist. > You can reproduce this problem with the following command: > > # qemu -monitor stdio -device intel-hda -device hda-duplex > > If watched under strace the following syscalls are shown: > > mkdir("/run/user/0/pulse", 0700) > fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse] > > Reported-by: xuhan@redhat.com > Signed-off-by: Paul Moore <pmoore@redhat.com> > --- > qemu-seccomp.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/qemu-seccomp.c b/qemu-seccomp.c > index b7c1253..89f244f 100644 > --- a/qemu-seccomp.c > +++ b/qemu-seccomp.c > @@ -220,7 +220,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { > { SCMP_SYS(io_cancel), 241 }, > { SCMP_SYS(io_setup), 241 }, > { SCMP_SYS(io_destroy), 241 }, > - { SCMP_SYS(arch_prctl), 240 } > + { SCMP_SYS(arch_prctl), 240 }, > + { SCMP_SYS(mkdir), 240 }, > + { SCMP_SYS(fchmod), 240 } ACK.
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index b7c1253..89f244f 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -220,7 +220,9 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { { SCMP_SYS(io_cancel), 241 }, { SCMP_SYS(io_setup), 241 }, { SCMP_SYS(io_destroy), 241 }, - { SCMP_SYS(arch_prctl), 240 } + { SCMP_SYS(arch_prctl), 240 }, + { SCMP_SYS(mkdir), 240 }, + { SCMP_SYS(fchmod), 240 } }; int seccomp_start(void)
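Review bot: the two entries appended at the end of seccomp_whitelist[], `{ SCMP_SYS(mkdir), 240 }` and `{ SCMP_SYS(fchmod), 240 }`, carry no comment tying them to the PulseAudio setup of "/run/user/<UID>/pulse" described in the commit message, so a later audit of the whitelist cannot tell why the emulator needs to create directories or change file modes. Suggest a short comment above the pair naming PulseAudio and that path. Each entry shown here consists of a syscall and a number only, with no argument constraint, so the calls become permitted for any path or descriptor rather than just the pulse directory; it would help to say so in the commit message so the widening of the filter is explicit.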
The PulseAudio library attempts to do a mkdir(2) and fchmod(2) on "/run/user/<UID>/pulse" which is currently blocked by the syscall filter; this patch adds the two missing syscalls to the whitelist. You can reproduce this problem with the following command:

    # qemu -monitor stdio -device intel-hda -device hda-duplex

If watched under strace the following syscalls are shown:

    mkdir("/run/user/0/pulse", 0700)
    fchmod(11, 0700) [NOTE: 11 is the fd for /run/user/0/pulse]

Reported-by: xuhan@redhat.com
Signed-off-by: Paul Moore <pmoore@redhat.com>

---

    qemu-seccomp.c | 4 +++-
    1 file changed, 3 insertions(+), 1 deletion(-)