vmm: Update the http thread's seccomp filter

Because the http thread no longer needs to create the api socket,
remove the socket, bind and listen syscalls from the seccomp filter.

Signed-off-by: William Douglas <william.douglas@intel.com>

vmm/src/seccomp_filters.rs

@@ -461,7 +461,6 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
 fn api_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
     Ok(vec![
         allow_syscall(libc::SYS_accept4),
-        allow_syscall(libc::SYS_bind),
         allow_syscall(libc::SYS_brk),
         allow_syscall(libc::SYS_close),
         allow_syscall(libc::SYS_dup),
@@ -474,13 +473,11 @@ fn api_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(libc::SYS_futex),
         allow_syscall(libc::SYS_getrandom),
         allow_syscall_if(libc::SYS_ioctl, create_api_ioctl_seccomp_rule()?),
-        allow_syscall(libc::SYS_listen),
         allow_syscall(libc::SYS_madvise),
         allow_syscall(libc::SYS_mprotect),
         allow_syscall(libc::SYS_munmap),
         allow_syscall(libc::SYS_recvfrom),
         allow_syscall(libc::SYS_sigaltstack),
-        allow_syscall(libc::SYS_socket),
         allow_syscall(libc::SYS_write),
     ])
 }