mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-22 13:45:20 +00:00
seccomp: Add ioctls to seccomp filter for guest debug
This commit adds `KVM_SET_GUEST_DEBUG` and `KVM_TRANSLATE` ioctls to seccomp filter to enable guest debugging without `--seccomp=false`. Signed-off-by: Akira Moroo <retrage01@gmail.com>
This commit is contained in:
parent
f452e51488
commit
a2a492f3df
@ -294,6 +294,8 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result<Vec<SeccompRule>, BackendError>
|
||||
const KVM_SET_TSS_ADDR: u64 = 0xae47;
|
||||
const KVM_SET_XCRS: u64 = 0x4188_aea7;
|
||||
const KVM_SET_XSAVE: u64 = 0x5000_aea5;
|
||||
const KVM_SET_GUEST_DEBUG: u64 = 0x4048_ae9b;
|
||||
const KVM_TRANSLATE: u64 = 0xc018_ae85;
|
||||
|
||||
let common_rules = create_vmm_ioctl_seccomp_rule_common()?;
|
||||
let mut arch_rules = or![
|
||||
@ -318,6 +320,8 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result<Vec<SeccompRule>, BackendError>
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_MSRS)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_XCRS,)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_XSAVE,)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_GUEST_DEBUG,)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_TRANSLATE,)?],
|
||||
];
|
||||
arch_rules.extend(common_rules);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user