From c02a02edfc29788834d012639f66a9686ae2d324 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Tue, 6 Oct 2020 13:12:40 +0200
Subject: [PATCH] vmm: Allow unlink syscall for vCPU threads

Without the unlink(2) syscall being allowed, Cloud-Hypervisor crashes
when we remove a virtio-vsock device that has been previously added.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
 vmm/src/seccomp_filters.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 889ce2097..cc9ed3689 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -460,6 +460,10 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(libc::SYS_statx),
         allow_syscall(libc::SYS_tgkill),
         allow_syscall(libc::SYS_tkill),
+        #[cfg(target_arch = "x86_64")]
+        allow_syscall(libc::SYS_unlink),
+        #[cfg(target_arch = "aarch64")]
+        allow_syscall(libc::SYS_unlinkat),
         allow_syscall(libc::SYS_write),
     ])
 }