vmm: seccomp: Add missing SYS_newfstatat

This is used when running on a new libc like Fedora34. Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2024-10-02 11:35:46 +00:00 · 2021-04-12 16:04:58 +01:00 · 2021-04-12 16:04:58 +01:00 · 17072e9a6f
commit 17072e9a6f
parent e1cc702327
1 changed files with 2 additions and 0 deletions
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@ -344,6 +344,7 @@ fn vmm_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
        allow_syscall(libc::SYS_mremap),
        allow_syscall(libc::SYS_munmap),
        allow_syscall(libc::SYS_nanosleep),
+        allow_syscall(libc::SYS_newfstatat),
        #[cfg(target_arch = "x86_64")]
        allow_syscall(libc::SYS_open),
        allow_syscall(libc::SYS_openat),
@ -432,6 +433,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
        allow_syscall(libc::SYS_mprotect),
        allow_syscall(libc::SYS_munmap),
        allow_syscall(libc::SYS_nanosleep),
+        allow_syscall(libc::SYS_newfstatat),
        #[cfg(target_arch = "x86_64")]
        allow_syscall(libc::SYS_open),
        allow_syscall(libc::SYS_openat),