    seccomp: add timerfd_create and timerfd_settime to the whitelist · 84397618
    Felix Geyer authored
    libusb calls timerfd_create() and timerfd_settime() when it's built with
    timerfd support.
    Command to reproduce:
           -device usb-host,hostbus=1,hostaddr=3,id=hostdev0
    Log messages:
    audit(1390730418.924:135): auid=4294967295 uid=121 gid=103 ses=4294967295
                               pid=5232 comm="qemu-system-x86" sig=31 syscall=283
                               compat=0 ip=0x7f2b0f4e96a7 code=0x0
    audit(1390733100.580:142): auid=4294967295 uid=121 gid=103 ses=4294967295
                               pid=16909 comm="qemu-system-x86" sig=31 syscall=286
                               compat=0 ip=0x7f03513a06da code=0x0
    Reading a few hundred MB from a USB drive on x86_64 shows this syscall distribution.
    Therefore the timerfd_settime priority is set to 242.
        calls  syscall
     --------- ----------------
       5303600 write
       2240554 read
       2167030 ppoll
       2134828 ioctl
        704023 timerfd_settime
        689105 poll
         83122 futex
           803 writev
           476 rt_sigprocmask
           287 recvmsg
           178 brk
    Signed-off-by: Felix Geyer <debfx@fobos.de>
    Signed-off-by: Eduardo Otubo <otubo@linux.vnet.ibm.com>
qemu-seccomp.c 8.01 KB
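
Added example, not part of the commit or of QEMU's code: a Python sketch that scans audit records like the ones quoted in the commit message for seccomp kills (sig=31, SIGSYS) and names the blocked syscall, which is how a missing whitelist entry is identified. The function names are hypothetical, and the syscall table covers only the two x86_64 numbers that appear in this log.

```python
import re
from collections import Counter

# x86_64 numbers for the two syscalls in the commit's log; extend as needed.
X86_64_SYSCALLS = {283: "timerfd_create", 286: "timerfd_settime"}
SIGSYS = "31"  # signal delivered when the seccomp filter kills the process
REQUIRED = {"syscall", "pid", "comm"}

STAMP = re.compile(r"audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# The first two records are the ones quoted in the commit message, re-joined
# onto one line each; the third is constructed to show a non-seccomp record.
SAMPLE = [
    'audit(1390730418.924:135): auid=4294967295 uid=121 gid=103 ses=4294967295 '
    'pid=5232 comm="qemu-system-x86" sig=31 syscall=283 compat=0 '
    'ip=0x7f2b0f4e96a7 code=0x0',
    'audit(1390733100.580:142): auid=4294967295 uid=121 gid=103 ses=4294967295 '
    'pid=16909 comm="qemu-system-x86" sig=31 syscall=286 compat=0 '
    'ip=0x7f03513a06da code=0x0',
    'audit(1390733200.000:150): auid=4294967295 uid=121 gid=103 ses=4294967295 '
    'pid=17001 comm="qemu-system-x86" sig=11 syscall=0 compat=0 ip=0x0 code=0x0',
]

def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    stamp = STAMP.search(line)
    if not stamp:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    rec["serial"] = int(stamp.group(2))
    return rec

def seccomp_kills(lines):
    """Return (serial, comm, pid, syscall name) for each sig=31 record."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if not rec or rec.get("sig") != SIGSYS or not REQUIRED <= rec.keys():
            continue
        if rec.get("compat") != "0":
            continue  # assumption: only the native x86_64 table is modelled
        nr = int(rec["syscall"])
        name = X86_64_SYSCALLS.get(nr, f"unknown({nr})")
        hits.append((rec["serial"], rec["comm"], int(rec["pid"]), name))
    return hits

def missing_from_whitelist(lines):
    """Count blocked syscalls by name: candidates to review for the filter."""
    return Counter(name for _, _, _, name in seccomp_kills(lines))
```
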