From 6307db56995ce84fe0ce5a4544e8fb83b95272be Mon Sep 17 00:00:00 2001
From: Bo Chen <chen.bo@intel.com>
Date: Mon, 15 Mar 2021 11:58:26 -0700
Subject: [PATCH] virtio-devices: seccomp: Add 'timerfd_settime' to block
 device

The `timerfd_settime` syscall is required when I/O throttling is
enabled.

Signed-off-by: Bo Chen <chen.bo@intel.com>
---
 virtio-devices/src/seccomp_filters.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index 5fb8b2335..c61f9022f 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -132,6 +132,7 @@ fn virtio_block_thread_rules() -> Vec<SyscallRuleSet> {
         allow_syscall(libc::SYS_sched_getaffinity),
         allow_syscall(libc::SYS_set_robust_list),
         allow_syscall(libc::SYS_sigaltstack),
+        allow_syscall(libc::SYS_timerfd_settime),
         allow_syscall(libc::SYS_write),
     ]
 }