From a2a492f3df9fe104dea0ef37c25a490ebe34ab2c Mon Sep 17 00:00:00 2001
From: Akira Moroo
Date: Sun, 30 Jan 2022 19:59:15 +0900
Subject: [PATCH] seccomp: Add ioctls to seccomp filter for guest debug

This commit adds `KVM_SET_GUEST_DEBUG` and `KVM_TRANSLATE` ioctls to seccomp filter to enable guest debugging without `--seccomp=false`.

Signed-off-by: Akira Moroo
---
 vmm/src/seccomp_filters.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 4af4ed875..f0b354329 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -294,6 +294,8 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result, BackendError>
 const KVM_SET_TSS_ADDR: u64 = 0xae47;
 const KVM_SET_XCRS: u64 = 0x4188_aea7;
 const KVM_SET_XSAVE: u64 = 0x5000_aea5;
+ const KVM_SET_GUEST_DEBUG: u64 = 0x4048_ae9b;
+ const KVM_TRANSLATE: u64 = 0xc018_ae85;
 let common_rules = create_vmm_ioctl_seccomp_rule_common()?;
 let mut arch_rules = or![
@@ -318,6 +320,8 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result, BackendError>
 and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_MSRS)?],
 and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_XCRS,)?],
 and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_XSAVE,)?],
+ and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_GUEST_DEBUG,)?],
+ and![Cond::new(1, ArgLen::Dword, Eq, KVM_TRANSLATE,)?],
 ];
 arch_rules.extend(common_rules);
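Review bot: The two request numbers added to the constant block are bare magic values, and nothing in the first hunk records how they were derived or which architecture they are valid for. The size field in `0x4048_ae9b` is 0x48 bytes, which matches the x86_64 layout of `struct kvm_guest_debug`; the struct's arch part differs on other targets, so the number is not portable. I would add `// _IOW(KVMIO, 0x9b, struct kvm_guest_debug), x86_64 layout` above `KVM_SET_GUEST_DEBUG` and `// _IOWR(KVMIO, 0x85, struct kvm_translation)` above `KVM_TRANSLATE` so the allow-list can be audited against the kernel headers. The function starts and ends outside the hunk, so whether it is already cfg-gated to x86_64 cannot be confirmed from here.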
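Review bot: The two `and![...]` entries in the second hunk are added to `arch_rules` unconditionally, so every VMM process built from this code allows `KVM_SET_GUEST_DEBUG` and `KVM_TRANSLATE` even when no debugger is attached. Each rule constrains only argument 1 (the request number), so the calls are permitted on any descriptor the thread holds, which widens what a compromised VMM thread can do to a guest vCPU. To keep the filter least-privilege, consider appending the two rules only when debugging is requested, for example by moving them out of the `or![` list and adding them under `#[cfg(feature = "<guest-debug-feature>")]` (placeholder name, no such feature is visible on this page) or behind a runtime flag passed to the filter builder. The function body continues outside the hunk, so how the resulting rule list is consumed is not visible here.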