vmm: seccomp: Permit syscalls used for vfio-user on vCPU thread

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2024-10-01 02:55:45 +00:00 · 2021-08-05 15:57:20 +00:00 · 2021-08-05 15:57:20 +00:00 · 5e74848ab4
commit 5e74848ab4
parent 7935430f6b
1 changed files with 2 additions and 0 deletions
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@ -573,6 +573,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
        allow_syscall(libc::SYS_pread64),
        allow_syscall(libc::SYS_pwrite64),
        allow_syscall(libc::SYS_read),
+        allow_syscall(libc::SYS_recvfrom),
        allow_syscall(libc::SYS_recvmsg),
        allow_syscall(libc::SYS_rt_sigaction),
        allow_syscall(libc::SYS_rt_sigprocmask),
@ -586,6 +587,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
        #[cfg(target_arch = "aarch64")]
        allow_syscall(libc::SYS_unlinkat),
        allow_syscall(libc::SYS_write),
+        allow_syscall(libc::SYS_writev),
    ])
 }