mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-23 14:15:19 +00:00
vmm: Update seccomp filters for HTTP thread
The micro-http crate now uses recvmsg() syscall in order to receive file descriptors through control messages. This means the syscall must be part of the authorized list in the seccomp filters. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
parent
e60078d939
commit
d68c388cac
@ -595,6 +595,7 @@ fn api_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
|
||||
allow_syscall(libc::SYS_mprotect),
|
||||
allow_syscall(libc::SYS_munmap),
|
||||
allow_syscall(libc::SYS_recvfrom),
|
||||
allow_syscall(libc::SYS_recvmsg),
|
||||
allow_syscall(libc::SYS_sigaltstack),
|
||||
allow_syscall(libc::SYS_write),
|
||||
])
|
||||
|
Loading…
Reference in New Issue
Block a user