From bde81405a84f10e27e4d260415ae14ce471c7e13 Mon Sep 17 00:00:00 2001
From: Rob Bradford <robert.bradford@intel.com>
Date: Thu, 16 Dec 2021 17:49:59 +0000
Subject: [PATCH] vmm: seccomp: Remove fork & evecve syscalls

These were use for the self spawning vhost-user device feature that has
been removed.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 vmm/src/seccomp_filters.rs | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index f2aa76bfa..55112c899 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -427,14 +427,11 @@ fn vmm_thread_rules() -> Result<Vec<(i64, Vec<SeccompRule>)>, BackendError> {
         #[cfg(target_arch = "x86_64")]
         (libc::SYS_epoll_wait, vec![]),
         (libc::SYS_eventfd2, vec![]),
-        (libc::SYS_execve, vec![]),
         (libc::SYS_exit, vec![]),
         (libc::SYS_exit_group, vec![]),
         (libc::SYS_fallocate, vec![]),
         (libc::SYS_fcntl, vec![]),
         (libc::SYS_fdatasync, vec![]),
-        #[cfg(target_arch = "x86_64")]
-        (libc::SYS_fork, vec![]),
         (libc::SYS_fstat, vec![]),
         (libc::SYS_fsync, vec![]),
         (libc::SYS_ftruncate, vec![]),