From 2d17f4384a7d528c66e8683f7d85907ebe18e1f4 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Thu, 2 Apr 2020 09:17:33 +0200
Subject: [PATCH] vmm: seccomp: Add missing open() syscall

On some systems, the open() system call is used by Cloud-Hypervisor,
that's why it should be part of the seccomp filters whitelist.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
 vmm/src/seccomp_filters.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 6be0ddbdb..805f05f31 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -206,6 +206,7 @@ pub fn vmm_thread_filter() -> Result<SeccompFilter, Error> {
             allow_syscall(libc::SYS_mprotect),
             allow_syscall(libc::SYS_munmap),
             allow_syscall(libc::SYS_nanosleep),
+            allow_syscall(libc::SYS_open),
             allow_syscall(libc::SYS_openat),
             allow_syscall(libc::SYS_prctl),
             allow_syscall(libc::SYS_pread64),