Merge remote-tracking branch 'remotes/otubo/tags/pull-seccomp-20141111' into staging
seccomp branch queue
# gpg: Signature made Tue 11 Nov 2014 16:12:48 GMT using RSA key ID 12F8BD2F
# gpg: Can't check signature: public key not found
* remotes/otubo/tags/pull-seccomp-20141111:
seccomp: change configure to avoid arm 32 to break
seccomp: whitelist syscalls fallocate(), fadvise64(), inotify_init1() and inotify_add_watch()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
diff --git a/configure b/configure
index 2f17bf3..47048f0 100755
--- a/configure
+++ b/configure
@@ -1823,7 +1823,8 @@
# libseccomp check
if test "$seccomp" != "no" ; then
- if $pkg_config --atleast-version=2.1.0 libseccomp; then
+ if test "$cpu" = "i386" || test "$cpu" = "x86_64" &&
+ $pkg_config --atleast-version=2.1.1 libseccomp; then
libs_softmmu="$libs_softmmu `$pkg_config --libs libseccomp`"
QEMU_CFLAGS="$QEMU_CFLAGS `$pkg_config --cflags libseccomp`"
seccomp="yes"
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 0503764..af6a375 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -231,7 +231,11 @@
{ SCMP_SYS(shmctl), 240 },
{ SCMP_SYS(mlock), 240 },
{ SCMP_SYS(munlock), 240 },
- { SCMP_SYS(semctl), 240 }
+ { SCMP_SYS(semctl), 240 },
+ { SCMP_SYS(fallocate), 240 },
+ { SCMP_SYS(fadvise64), 240 },
+ { SCMP_SYS(inotify_init1), 240 },
+ { SCMP_SYS(inotify_add_watch), 240 }
};
int seccomp_start(void)
