From f70852c04b65e7ae9f9a6edfa471bd00b9fead07 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Fri, 8 Jan 2021 11:29:39 +0100
Subject: [PATCH] virtio-devices: Update seccomp filters for virtio-net thread

On aarch64, the openat() syscall was missing from the seccomp filters
list, preventing the test_watchdog from running properly.

Fixes #2103

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
 virtio-devices/src/seccomp_filters.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index d9b433271..03208ecc9 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -223,6 +223,7 @@ fn virtio_net_thread_rules() -> Result<Vec<SyscallRuleSet>, Error> {
         allow_syscall(libc::SYS_futex),
         allow_syscall(libc::SYS_madvise),
         allow_syscall(libc::SYS_munmap),
+        allow_syscall(libc::SYS_openat),
         allow_syscall(libc::SYS_read),
         allow_syscall(libc::SYS_rt_sigprocmask),
         allow_syscall(libc::SYS_sigaltstack),