diff --git a/0321-seccomp-fine-tuning-whitelist-by-adding-times.patch b/0321-seccomp-fine-tuning-whitelist-by-adding-times.patch new file mode 100644 index 0000000..1549d87 --- /dev/null +++ b/0321-seccomp-fine-tuning-whitelist-by-adding-times.patch @@ -0,0 +1,28 @@ +From 705cdb391bcd6e116cf632c175a881493d481e94 Mon Sep 17 00:00:00 2001 +From: Eduardo Otubo +Date: Tue, 24 Sep 2013 14:50:44 -0300 +Subject: [PATCH] seccomp: fine tuning whitelist by adding times() + +This was causing Qemu process to hang when using -sandbox on as +discribed on RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1004175 + +Signed-off-by: Eduardo Otubo +Tested-by: Paul Moore +Acked-by: Paul Moore +(cherry picked from commit c236f4519c9838801798f3705c17dce9ab9e3b9d) +--- + qemu-seccomp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/qemu-seccomp.c b/qemu-seccomp.c +index 031da1d..4a57b4b 100644 +--- a/qemu-seccomp.c ++++ b/qemu-seccomp.c +@@ -96,6 +96,7 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = { + { SCMP_SYS(getuid), 245 }, + { SCMP_SYS(geteuid), 245 }, + { SCMP_SYS(timer_create), 245 }, ++ { SCMP_SYS(times), 245 }, + { SCMP_SYS(exit), 245 }, + { SCMP_SYS(clock_gettime), 245 }, + { SCMP_SYS(time), 245 }, diff --git a/qemu.spec b/qemu.spec index 6a3678f..7920cee 100644 --- a/qemu.spec +++ b/qemu.spec @@ -131,7 +131,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 1.4.2 -Release: 13%{?dist} +Release: 14%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD @@ -306,6 +306,8 @@ Patch0318: 0318-scsi-Allocate-SCSITargetReq-r-buf-dynamically.patch # Fix 9pfs xattrs on kernel 3.11 (bz #1013676) Patch0319: 0319-hw-9pfs-Be-robust-against-paths-without-FS_IOC_GETVE.patch Patch0320: 0320-hw-9pfs-Fix-errno-value-for-xattr-functions.patch +# Fix process exit with -sandbox on (bz #1027421) +Patch0321: 0321-seccomp-fine-tuning-whitelist-by-adding-times.patch BuildRequires: SDL-devel BuildRequires: zlib-devel @@ -909,6 +911,8 @@ CAC emulation development files. # Fix 9pfs xattrs on kernel 3.11 (bz #1013676) %patch0319 -p1 %patch0320 -p1 +# Fix process exit with -sandbox on (bz #1027421) +%patch0321 -p1 %build %if %{with kvmonly} @@ -1555,6 +1559,9 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Sun Nov 17 2013 Cole Robinson - 2:1.4.2-14 +- Fix process exit with -sandbox on (bz #1027421) + * Tue Nov 05 2013 Cole Robinson - 2:1.4.2-13 - ksmtuned: Fix matching qemu w/o set_process_name (bz #1012604) - ksmtuned: Fix committed_memory when no qemu running (bz #1012610)