diff options
author | Michael Pratt <mpratt@google.com> | 2019-10-10 13:39:55 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-10-10 13:41:29 -0700 |
commit | a5170fd825efbea0550137b5979f7bd08398aa55 (patch) | |
tree | 34664f4e4625bf2633acb8e9690373845466dc46 | |
parent | f8b18593198cf7ca1adfca19d846e66080b07942 (diff) |
Allow rt_sigreturn in runsc gofer
rt_sigreturn is required for signal handling (e.g., SIGSEGV for nil-pointer
dereference). Before this, nil-pointer dereferences cause a syscall violation
instead of a panic.
PiperOrigin-RevId: 274028767
-rw-r--r-- | runsc/fsgofer/filter/config.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go index c7922b54f..0bf7507b7 100644 --- a/runsc/fsgofer/filter/config.go +++ b/runsc/fsgofer/filter/config.go @@ -177,6 +177,7 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_RENAMEAT: {}, syscall.SYS_RESTART_SYSCALL: {}, syscall.SYS_RT_SIGPROCMASK: {}, + syscall.SYS_RT_SIGRETURN: {}, syscall.SYS_SCHED_YIELD: {}, syscall.SYS_SENDMSG: []seccomp.Rule{ // Used by fdchannel.Endpoint.SendFD(). |