Skip to content

Commit

Permalink
virtiofsd: Add sigreturn to the seccomp whitelist
Browse files Browse the repository at this point in the history 
The virtiofsd currently crashes on s390x. This is because of a
`sigreturn` system call. See audit log below:

type=SECCOMP msg=audit(1669382477.611:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 pid=6649 comm="virtiofsd" exe="/usr/libexec/virtiofsd" sig=31 arch=80000016 syscall=119 compat=0 ip=0x3fff15f748a code=0x80000000AUID="unset" UID="root" GID="root" ARCH=s390x SYSCALL=sigreturn

Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: German Maglione <gmaglione@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221125143946.27717-1-mhartmay@linux.ibm.com>
  • Loading branch information
@mhartmay @stefanhaRH
mhartmay authored and stefanhaRH committed Nov 25, 2022
1 parent a33c253 commit c23a956
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions tools/virtiofsd/passthrough_seccomp.c
View file
Expand Up @@ -110,6 +110,7 @@ static const int syscall_allowlist[] = {
#endif
SCMP_SYS(set_robust_list),
SCMP_SYS(setxattr),
SCMP_SYS(sigreturn),
SCMP_SYS(symlinkat),
SCMP_SYS(syncfs),
SCMP_SYS(time), /* Rarely needed, except on static builds */
Expand Down

0 comments on commit c23a956

Please sign in to comment.