External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2025-02-01 17:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

virtio-devices: Add seccomp rules for vhost-user backend

Browse Source 
The missing rules caused failures when guest powered off.

Signed-off-by: Michael Zhao <michael.zhao@arm.com>
This commit is contained in:
Michael Zhao 2020-08-26 12:57:07 +08:00 committed by Sebastien Boeuf
parent a95b6bbd8b
commit 23e5a726ec
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
virtio-devices/src/seccomp_filters.rs
View File

@ -290,6 +290,13 @@ fn virtio_vhost_net_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
allow_syscall(libc::SYS_futex),
allow_syscall(libc::SYS_read),
allow_syscall(libc::SYS_write),
allow_syscall(libc::SYS_close),
allow_syscall(libc::SYS_sigaltstack),
allow_syscall(libc::SYS_munmap),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_madvise),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_exit),
])
}
@ -304,6 +311,15 @@ fn virtio_vhost_net_ctl_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
allow_syscall(libc::SYS_epoll_wait),
allow_syscall(libc::SYS_futex),
allow_syscall(libc::SYS_read),
allow_syscall(libc::SYS_close),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_sigaltstack),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_munmap),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_madvise),
#[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_exit),
])
}