External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-10-04 04:25:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

vmm: Update seccomp filters with clock_nanosleep

Browse Source 
The clock_nanosleep system call needs to be whitelisted since the commit
12e00c0f45 introduced the use of a sleep()
function. Without this patch, we can see an error when the VM is paused
or killed.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
Sebastien Boeuf 2020-05-15 10:45:49 +02:00
parent badf826196
commit 68fc432978
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
vmm/src/seccomp_filters.rs
View File

@ -196,6 +196,7 @@ pub fn vmm_thread_filter() -> Result<SeccompFilter, Error> {
allow_syscall(libc::SYS_bind), allow_syscall(libc::SYS_bind),
allow_syscall(libc::SYS_brk), allow_syscall(libc::SYS_brk),
allow_syscall(libc::SYS_clock_gettime), allow_syscall(libc::SYS_clock_gettime),
allow_syscall(libc::SYS_clock_nanosleep),
allow_syscall(libc::SYS_clone), allow_syscall(libc::SYS_clone),
allow_syscall(libc::SYS_close), allow_syscall(libc::SYS_close),
allow_syscall(libc::SYS_connect), allow_syscall(libc::SYS_connect),