External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-10-02 11:35:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

vmm: seccomp: Add open() to vCPU permitted syscalls

Browse Source 
Older libc (like RHEL7) uses open() rather than openat(). This was
demonstrated through a failure to open /etc/localtime as used by
gmtime() libc call trigged from the vCPU thread (CMOS device.)

Fixes: #2111

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
Rob Bradford 2021-01-11 09:34:37 +00:00 committed by Sebastien Boeuf
parent df522cf12c
commit cb826aa2f1
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vmm/src/seccomp_filters.rs
View File

@ -447,6 +447,8 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
allow_syscall(libc::SYS_mprotect), allow_syscall(libc::SYS_mprotect),
allow_syscall(libc::SYS_munmap), allow_syscall(libc::SYS_munmap),
allow_syscall(libc::SYS_nanosleep), allow_syscall(libc::SYS_nanosleep),
#[cfg(target_arch = "x86_64")]
allow_syscall(libc::SYS_open),
allow_syscall(libc::SYS_openat), allow_syscall(libc::SYS_openat),
#[cfg(target_arch = "aarch64")] #[cfg(target_arch = "aarch64")]
allow_syscall(libc::SYS_newfstatat), allow_syscall(libc::SYS_newfstatat),