From 555c5c5d9c09eae66ee7c8f5016c7829a9f4e598 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Fri, 18 Sep 2020 09:03:09 +0200
Subject: [PATCH] vmm: Add missing syscalls to signal thread

When the VMM is terminated by receiving a SIGTERM signal, the signal
handler thread must be able to invoke ioctl(TCGETS) and ioctl(TCSETS)
without error.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
 vmm/src/seccomp_filters.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 1333d82db..f1c707786 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -240,7 +240,11 @@ fn create_api_ioctl_seccomp_rule() -> Result<Vec<SeccompRule>, Error> {
 }
 
 fn create_signal_handler_ioctl_seccomp_rule() -> Result<Vec<SeccompRule>, Error> {
-    Ok(or![and![Cond::new(1, ArgLen::DWORD, Eq, TIOCGWINSZ)?],])
+    Ok(or![
+        and![Cond::new(1, ArgLen::DWORD, Eq, TCGETS)?],
+        and![Cond::new(1, ArgLen::DWORD, Eq, TCSETS)?],
+        and![Cond::new(1, ArgLen::DWORD, Eq, TIOCGWINSZ)?],
+    ])
 }
 
 fn signal_handler_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {