author | Fabricio Voznika <fvoznika@google.com> | 2018-09-11 11:04:06 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-11 11:05:09 -0700 |
commit | c44bc6612fc4554d0aa4e484a46cd1f6b6a7b5c5 (patch) | |
tree | 52efa7eb581ec82ac6e581f9b1cb628e6eadf62a | |
parent | a29c39aa629b6118765e5075eb228752934d7081 (diff) |
Allow fstatat back in syscall filters
PiperOrigin-RevId: 212483372
Change-Id: If95f32a8e41126cf3dc8bd6c8b2fb0fcfefedc6d
-rw-r--r-- | runsc/boot/filter/config.go | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 1a0c426ab..8cdf56963 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -205,13 +205,14 @@ var allowedSyscalls = seccomp.SyscallRules{
 seccomp.AllowValue(syscall.MAP_PRIVATE | syscall.MAP_ANONYMOUS | syscall.MAP_FIXED),
 },
 },
- syscall.SYS_MPROTECT: {},
- syscall.SYS_MUNMAP: {},
- syscall.SYS_NANOSLEEP: {},
- syscall.SYS_POLL: {},
- syscall.SYS_PREAD64: {},
- syscall.SYS_PWRITE64: {},
- syscall.SYS_READ: {},
+ syscall.SYS_MPROTECT: {},
+ syscall.SYS_MUNMAP: {},
+ syscall.SYS_NANOSLEEP: {},
+ syscall.SYS_NEWFSTATAT: {},
+ syscall.SYS_POLL: {},
+ syscall.SYS_PREAD64: {},
+ syscall.SYS_PWRITE64: {},
+ syscall.SYS_READ: {},
 syscall.SYS_READV: []seccomp.Rule{
 {
 seccomp.AllowAny{},
 |
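Review bot: The new `syscall.SYS_NEWFSTATAT: {}` entry allows the call with any arguments and has no comment saying which code path needs it; the commit title ("back") gives no reason either. Unlike the fd-based read/write entries next to it, fstatat takes a path, and a seccomp rule cannot inspect the string behind that pointer, so the filter itself puts no bound on which paths can be probed for existence and metadata. Any such bound has to come from the process's filesystem confinement, which is not visible in this hunk. I would record that beside the entry, e.g. `// fstatat takes a path seccomp cannot check; needed by <caller>, path reach is bounded by <confinement>.`, and, if the caller always passes a fixed dirfd or flags value, constrain those arguments with `seccomp.AllowValue(...)` as the rule in the context lines above does. The `allowedSyscalls` literal starts and ends outside the hunk.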