Allow fstatat back in syscall filters

PiperOrigin-RevId: 212483372 Change-Id: If95f32a8e41126cf3dc8bd6c8b2fb0fcfefedc6d
author: Fabricio Voznika <fvoznika@google.com> 2018-09-11 11:04:06 -0700
committer: Shentubot <shentubot@google.com> 2018-09-11 11:05:09 -0700
commit: c44bc6612fc4554d0aa4e484a46cd1f6b6a7b5c5 (patch)
tree: 52efa7eb581ec82ac6e581f9b1cb628e6eadf62a /runsc/boot
parent: a29c39aa629b6118765e5075eb228752934d7081 (diff)
1 files changed, 8 insertions, 7 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 1a0c426ab..8cdf56963 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -205,13 +205,14 @@ var allowedSyscalls = seccomp.SyscallRules{
 			seccomp.AllowValue(syscall.MAP_PRIVATE | syscall.MAP_ANONYMOUS | syscall.MAP_FIXED),
 		},
 	},
-	syscall.SYS_MPROTECT:  {},
-	syscall.SYS_MUNMAP:    {},
-	syscall.SYS_NANOSLEEP: {},
-	syscall.SYS_POLL:      {},
-	syscall.SYS_PREAD64:   {},
-	syscall.SYS_PWRITE64:  {},
-	syscall.SYS_READ:      {},
+	syscall.SYS_MPROTECT:   {},
+	syscall.SYS_MUNMAP:     {},
+	syscall.SYS_NANOSLEEP:  {},
+	syscall.SYS_NEWFSTATAT: {},
+	syscall.SYS_POLL:       {},
+	syscall.SYS_PREAD64:    {},
+	syscall.SYS_PWRITE64:   {},
+	syscall.SYS_READ:       {},
 	syscall.SYS_READV: []seccomp.Rule{
 		{
 			seccomp.AllowAny{},
author	Fabricio Voznika <fvoznika@google.com>	2018-09-11 11:04:06 -0700
committer	Shentubot <shentubot@google.com>	2018-09-11 11:05:09 -0700
commit	c44bc6612fc4554d0aa4e484a46cd1f6b6a7b5c5 (patch)
tree	52efa7eb581ec82ac6e581f9b1cb628e6eadf62a /runsc/boot
parent	a29c39aa629b6118765e5075eb228752934d7081 (diff)