diff options
author | Andrei Vagin <avagin@google.com> | 2019-06-28 11:48:27 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-06-28 11:49:45 -0700 |
commit | 8a625ceeb173307094e81d273458b6651e54220a (patch) | |
tree | 232bf1a0234e303a4510df03548316c088d5413f | |
parent | b2907595e5e974d2b011ea011033aa06d796e090 (diff) |
runsc: allow openat for runsc-race
I see that runsc-race is killed by SIGSYS, because openat isn't
allowed by seccomp filters:
60052 openat(AT_FDCWD, "/proc/sys/vm/overcommit_memory",
O_RDONLY|O_CLOEXEC <unfinished ...>
60052 <... openat resumed> ) = 257
60052 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xfaacf1,
si_syscall=__NR_openat, si_arch=AUDIT_ARCH_X86_64} ---
PiperOrigin-RevId: 255640808
-rw-r--r-- | runsc/boot/filter/extra_filters_race.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/boot/filter/extra_filters_race.go b/runsc/boot/filter/extra_filters_race.go index d5bee4453..9ff80276a 100644 --- a/runsc/boot/filter/extra_filters_race.go +++ b/runsc/boot/filter/extra_filters_race.go @@ -33,6 +33,7 @@ func instrumentationFilters() seccomp.SyscallRules { syscall.SYS_MUNLOCK: {}, syscall.SYS_NANOSLEEP: {}, syscall.SYS_OPEN: {}, + syscall.SYS_OPENAT: {}, syscall.SYS_SET_ROBUST_LIST: {}, // Used within glibc's malloc. syscall.SYS_TIME: {}, |