From f8d82b8eb81d3ea29325b4046fafa8ed41e32449 Mon Sep 17 00:00:00 2001
From: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Date: Fri, 9 Oct 2015 17:17:41 +0200
Subject: seccomp: add memfd_create to whitelist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is used by memfd code.

Signed-off-by: Eduardo Otubo <eduardo.otubo@profitbricks.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thibaut Collet <thibaut.collet@6wind.com>
---
 qemu-seccomp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'qemu-seccomp.c')

diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index f9de0d3390..80d034a8d5 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -237,7 +237,8 @@ static const struct QemuSeccompSyscall seccomp_whitelist[] = {
     { SCMP_SYS(fadvise64), 240 },
     { SCMP_SYS(inotify_init1), 240 },
     { SCMP_SYS(inotify_add_watch), 240 },
-    { SCMP_SYS(mbind), 240 }
+    { SCMP_SYS(mbind), 240 },
+    { SCMP_SYS(memfd_create), 240 }
 };
 
 int seccomp_start(void)
-- 
cgit v1.2.1