virtio-devices: vsock: Add 'brk' to the seccomp list

We observed CI instability for the past couple of days. This
instability is confirmed to be a result of incomplete seccomp
filters. Given the filter on 'virtio_vsock' is recently added and
is missing 'brk', it is likely to be the root cause of the
instability.

Signed-off-by: Bo Chen <chen.bo@intel.com>
Bo Chen 2020-09-10 16:59:25 -07:00 committed by Sebastien Boeuf
parent 9682d74763
commit b4f6db5f31

@ -382,6 +382,7 @@ fn create_vsock_ioctl_seccomp_rule() -> Result<Vec<SeccompRule>, Error> {
fn virtio_vsock_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> { fn virtio_vsock_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
Ok(vec![ Ok(vec![
allow_syscall(libc::SYS_accept4), allow_syscall(libc::SYS_accept4),
allow_syscall(libc::SYS_brk),
allow_syscall(libc::SYS_close), allow_syscall(libc::SYS_close),
allow_syscall(libc::SYS_dup), allow_syscall(libc::SYS_dup),
allow_syscall(libc::SYS_epoll_create1), allow_syscall(libc::SYS_epoll_create1),
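Review bot: The new `allow_syscall(libc::SYS_brk)` entry in `virtio_vsock_thread_rules()` rests on a cause the commit message only calls "likely", so it would help to confirm it before merging, for example by citing the blocked syscall number from the seccomp kill or audit record of a failing CI run in the commit message. `brk` is issued by the allocator whenever the heap grows rather than by vsock-specific code, so the same gap can exist in any other per-thread rule set that was written without it; please check those lists in the same pass. The entry itself is unconditional and keeps the list's alphabetical order, which is fine for a syscall that carries no file descriptor or path argument to filter on.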