vmm: seccomp: Add getrandom to vCPU thread filter

This can be triggered upon device reset.

Fixes: #2278

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
Rob Bradford 2021-02-18 15:22:03 +00:00
parent 0d209e135e
commit c1d9edbfc0


@ -419,6 +419,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
allow_syscall(libc::SYS_exit),
allow_syscall(libc::SYS_fstat),
allow_syscall(libc::SYS_futex),
allow_syscall(libc::SYS_getrandom),
allow_syscall(libc::SYS_getpid),
allow_syscall_if(libc::SYS_ioctl, create_vcpu_ioctl_seccomp_rule()?),
allow_syscall(libc::SYS_lseek),
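Review bot: The new `allow_syscall(libc::SYS_getrandom),` entry has no in-code justification, and it sits before `SYS_getpid`, which breaks the alphabetical order the visible entries follow. Each entry in a seccomp allowlist is easier to audit, and to remove later, when the reason sits next to it. The commit message says the call can be triggered upon device reset, so a comment such as `// getrandom: reached from the vCPU thread on device reset (#2278)` would carry that into the file. Moving the line after `allow_syscall(libc::SYS_getpid),` keeps the list sorted. The body of vcpu_thread_rules starts and ends outside this hunk, so whether other entries carry comments cannot be seen from here.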