From c1d9edbfc040c213e9c68a16e89331d88fb6b793 Mon Sep 17 00:00:00 2001 From: Rob Bradford Date: Thu, 18 Feb 2021 15:22:03 +0000 Subject: [PATCH] vmm: seccomp: Add getrandom to vCPU thread filter This can be triggered upon device reset. Fixes: #2278 Signed-off-by: Rob Bradford --- vmm/src/seccomp_filters.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs index 69b475578..fe5ee4d64 100644 --- a/vmm/src/seccomp_filters.rs +++ b/vmm/src/seccomp_filters.rs @@ -419,6 +419,7 @@ fn vcpu_thread_rules() -> Result, Error> { allow_syscall(libc::SYS_exit), allow_syscall(libc::SYS_fstat), allow_syscall(libc::SYS_futex), + allow_syscall(libc::SYS_getrandom), allow_syscall(libc::SYS_getpid), allow_syscall_if(libc::SYS_ioctl, create_vcpu_ioctl_seccomp_rule()?), allow_syscall(libc::SYS_lseek),