mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-22 21:55:20 +00:00
vmm: seccomp: Add open() to vCPU permitted syscalls
Older libc (like RHEL7) uses open() rather than openat(). This was demonstrated through a failure to open /etc/localtime as used by the gmtime() libc call triggered from the vCPU thread (CMOS device). Fixes: #2111 Signed-off-by: Rob Bradford <robert.bradford@intel.com>
parent
df522cf12c
commit
cb826aa2f1
@ -447,6 +447,8 @@ fn vcpu_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
|
||||
allow_syscall(libc::SYS_mprotect),
|
||||
allow_syscall(libc::SYS_munmap),
|
||||
allow_syscall(libc::SYS_nanosleep),
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
allow_syscall(libc::SYS_open),
|
||||
allow_syscall(libc::SYS_openat),
|
||||
#[cfg(target_arch = "aarch64")]
|
||||
allow_syscall(libc::SYS_newfstatat),
|
||||
|
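Review bot: The new `allow_syscall(libc::SYS_open)` entry has no comment, so the reason a vCPU thread may open files is recorded only in the commit message and a later audit of the filter could not tell whether the rule is still needed. I would add above the `#[cfg(target_arch = "x86_64")]` line something like `// Older libc (e.g. RHEL7) implements file opens with open() instead of openat(); gmtime() called from the CMOS device on the vCPU thread opens /etc/localtime.` The rule is also unconditional, like the existing `SYS_openat` entry next to it, so it permits any path and any flags on a thread that runs guest-triggered device emulation. Seccomp cannot inspect the path argument, so the only narrowing available in the filter would be a condition on the flags argument (read-only). Whether the time-zone lookup could instead happen before the filter is applied is not visible from this hunk, and the body of `vcpu_thread_rules` continues outside it.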