summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMichael Pratt <mpratt@google.com>2019-10-10 13:39:55 -0700
committergVisor bot <gvisor-bot@google.com>2019-10-10 13:41:29 -0700
commita5170fd825efbea0550137b5979f7bd08398aa55 (patch)
tree34664f4e4625bf2633acb8e9690373845466dc46
parentf8b18593198cf7ca1adfca19d846e66080b07942 (diff)
Allow rt_sigreturn in runsc gofer
rt_sigreturn is required for signal handling (e.g., SIGSEGV for nil-pointer dereference). Before this, nil-pointer dereferences cause a syscall violation instead of a panic. PiperOrigin-RevId: 274028767
-rw-r--r--runsc/fsgofer/filter/config.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go
index c7922b54f..0bf7507b7 100644
--- a/runsc/fsgofer/filter/config.go
+++ b/runsc/fsgofer/filter/config.go
@@ -177,6 +177,7 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_RENAMEAT: {},
syscall.SYS_RESTART_SYSCALL: {},
syscall.SYS_RT_SIGPROCMASK: {},
+ syscall.SYS_RT_SIGRETURN: {},
syscall.SYS_SCHED_YIELD: {},
syscall.SYS_SENDMSG: []seccomp.Rule{
// Used by fdchannel.Endpoint.SendFD().