Allow rt_sigaction in gofer seccomp

rt_sigaction may be called by Go runtime when trying to panic: https://cs.opensource.google/go/go/+/master:src/runtime/signal_unix.go;drc=ed3e4afa12d655a0c5606bcf3dd4e1cdadcb1476;bpv=1;bpt=1;l=780?q=rt_sigaction&ss=go Updates #5038 PiperOrigin-RevId: 357013186
author: Fabricio Voznika <fvoznika@google.com> 2021-02-11 10:58:55 -0800
committer: gVisor bot <gvisor-bot@google.com> 2021-02-11 11:01:21 -0800
commit: 192780946fdf584c5e504b24f47dbd9bd411a3a6 (patch)
tree: c17b7260746347f6a659e2bee106f13bdca77791
parent: 81ea0016e62318053f97ec714967047e6191fb2b (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go
index f92e2f80e..d1af539cb 100644
--- a/runsc/fsgofer/filter/config.go
+++ b/runsc/fsgofer/filter/config.go
@@ -182,9 +182,11 @@ var allowedSyscalls = seccomp.SyscallRules{
 	},
 	syscall.SYS_RENAMEAT:        {},
 	syscall.SYS_RESTART_SYSCALL: {},
-	syscall.SYS_RT_SIGPROCMASK:  {},
-	syscall.SYS_RT_SIGRETURN:    {},
-	syscall.SYS_SCHED_YIELD:     {},
+	// May be used by the runtime during panic().
+	syscall.SYS_RT_SIGACTION:   {},
+	syscall.SYS_RT_SIGPROCMASK: {},
+	syscall.SYS_RT_SIGRETURN:   {},
+	syscall.SYS_SCHED_YIELD:    {},
 	syscall.SYS_SENDMSG: []seccomp.Rule{
 		// Used by fdchannel.Endpoint.SendFD().
 		{
author	Fabricio Voznika <fvoznika@google.com>	2021-02-11 10:58:55 -0800
committer	gVisor bot <gvisor-bot@google.com>	2021-02-11 11:01:21 -0800
commit	192780946fdf584c5e504b24f47dbd9bd411a3a6 (patch)
tree	c17b7260746347f6a659e2bee106f13bdca77791
parent	81ea0016e62318053f97ec714967047e6191fb2b (diff)