Expand syscall filters to support MSAN.

PiperOrigin-RevId: 314997564
author: Nicolas Lacasse <nlacasse@google.com> 2020-06-05 14:32:17 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-06-05 14:33:50 -0700
commit: e4e11f2798db1c063e588383e237f1f5b06809db (patch)
tree: 32781b27b3d75de93a68e73e1aa5fd57c11f0f00
parent: 6d9a68ca41eb8470dd492624916fcf50382050fa (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/runsc/boot/filter/extra_filters_msan.go b/runsc/boot/filter/extra_filters_msan.go
index 5e5a3c998..209e646a7 100644
--- a/runsc/boot/filter/extra_filters_msan.go
+++ b/runsc/boot/filter/extra_filters_msan.go
@@ -26,6 +26,8 @@ import (
 func instrumentationFilters() seccomp.SyscallRules {
 	Report("MSAN is enabled: syscall filters less restrictive!")
 	return seccomp.SyscallRules{
+		syscall.SYS_CLONE:             {},
+		syscall.SYS_MMAP:              {},
 		syscall.SYS_SCHED_GETAFFINITY: {},
 		syscall.SYS_SET_ROBUST_LIST:   {},
 	}
author	Nicolas Lacasse <nlacasse@google.com>	2020-06-05 14:32:17 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-06-05 14:33:50 -0700
commit	e4e11f2798db1c063e588383e237f1f5b06809db (patch)
tree	32781b27b3d75de93a68e73e1aa5fd57c11f0f00
parent	6d9a68ca41eb8470dd492624916fcf50382050fa (diff)