authorMichael Pratt <mpratt@google.com>2018-06-14 10:10:09 -0700
committerShentubot <shentubot@google.com>2018-06-14 10:11:05 -0700
commitd71f5ef6885b9c241018308944e4b2e4b4857029 (patch)
treefc80be1fb5560512dfddaec82c3c96e9e07da73b
parentf5d0c59f5c736f5f7fceb566e134f41b03229c22 (diff)
Add nanosleep filter for Go 1.11 support
golang.org/cl/108538 replaces pselect6 with nanosleep in runtime.usleep. Update the filters accordingly. PiperOrigin-RevId: 200574612 Change-Id: Ifb2296fcb3781518fc047aabbbffedb9ae488cd7
-rw-r--r--runsc/boot/filter/BUILD2
-rw-r--r--runsc/boot/filter/config.go1
-rw-r--r--runsc/boot/filter/config_go110.go30
-rw-r--r--runsc/boot/filter/config_go111.go27
4 files changed, 59 insertions, 1 deletions
diff --git a/runsc/boot/filter/BUILD b/runsc/boot/filter/BUILD
index fd1b18717..c9837c236 100644
--- a/runsc/boot/filter/BUILD
+++ b/runsc/boot/filter/BUILD
@@ -6,6 +6,8 @@ go_library(
name = "filter",
srcs = [
"config.go",
+ "config_go110.go",
+ "config_go111.go",
"extra_filters.go",
"extra_filters_msan.go",
"extra_filters_race.go",
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 86c256c5b..4e286c5da 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -61,7 +61,6 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_NEWFSTATAT: {},
syscall.SYS_POLL: {},
syscall.SYS_PREAD64: {},
- syscall.SYS_PSELECT6: {},
syscall.SYS_PWRITE64: {},
syscall.SYS_READ: {},
syscall.SYS_READLINKAT: {},
diff --git a/runsc/boot/filter/config_go110.go b/runsc/boot/filter/config_go110.go
new file mode 100644
index 000000000..f4feb4ce4
--- /dev/null
+++ b/runsc/boot/filter/config_go110.go
@@ -0,0 +1,30 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build !go1.11
+
+package filter
+
+import (
+ "syscall"
+
+ "gvisor.googlesource.com/gvisor/pkg/seccomp"
+)
+
+// TODO: Remove this file and merge config_go111.go back into
+// config.go once we no longer build with Go 1.10.
+
+func init() {
+ allowedSyscalls[syscall.SYS_PSELECT6] = []seccomp.Rule{}
+}
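Review bot: The `init()` in config_go110.go adds `SYS_PSELECT6` to the seccomp allowlist with no comment saying which caller needs it, and the `SYS_NANOSLEEP` entry in config_go111.go has the same gap, so a later audit cannot tell from the code when either entry may be dropped. I would put `// runtime.usleep is implemented with pselect6 before Go 1.11.` above the assignment here, and `// runtime.usleep is implemented with nanosleep as of Go 1.11 (golang.org/cl/108538).` above the one in config_go111.go. The empty `[]seccomp.Rule{}` appears to admit the syscall with any arguments, as the `{}` entries in config.go do. That keeps the previous behaviour for pselect6, but it is wider than a runtime sleep needs, so the comment should say the breadth is deliberate.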
diff --git a/runsc/boot/filter/config_go111.go b/runsc/boot/filter/config_go111.go
new file mode 100644
index 000000000..f5eb2c3c8
--- /dev/null
+++ b/runsc/boot/filter/config_go111.go
@@ -0,0 +1,27 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build go1.11
+
+package filter
+
+import (
+ "syscall"
+
+ "gvisor.googlesource.com/gvisor/pkg/seccomp"
+)
+
+func init() {
+ allowedSyscalls[syscall.SYS_NANOSLEEP] = []seccomp.Rule{}
+}