mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-23 06:05:21 +00:00
vmm: seccomp: Add getrandom to vCPU thread filter
This can be triggered upon device reset. Fixes: #2278 Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
parent
0d209e135e
commit
c1d9edbfc0
@ -419,6 +419,7 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
|
||||
allow_syscall(libc::SYS_exit),
|
||||
allow_syscall(libc::SYS_fstat),
|
||||
allow_syscall(libc::SYS_futex),
|
||||
allow_syscall(libc::SYS_getrandom),
|
||||
allow_syscall(libc::SYS_getpid),
|
||||
allow_syscall_if(libc::SYS_ioctl, create_vcpu_ioctl_seccomp_rule()?),
|
||||
allow_syscall(libc::SYS_lseek),
|
||||
|
Loading…
Reference in New Issue
Block a user