summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2020-10-06 20:58:25 +0000
committergVisor bot <gvisor-bot@google.com>2020-10-06 20:58:25 +0000
commit2eb23dc26e781a4257c3b2e15d379f19ee564bc4 (patch)
treec421bae79411ba0d375617f1f33ff0241c466428 /runsc/boot
parentd4b4f987ea7705c819cd9da8ca9529784a30d745 (diff)
parent1336af78d5dc2a6bc54d22ed45f4dd4793c2f964 (diff)
Merge release-20200928.0-55-g1336af78d (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 6ac19668f..a7c4ebb0c 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -162,6 +162,12 @@ var allowedSyscalls = seccomp.SyscallRules{
},
syscall.SYS_LSEEK: {},
syscall.SYS_MADVISE: {},
+ unix.SYS_MEMBARRIER: []seccomp.Rule{
+ {
+ seccomp.EqualTo(linux.MEMBARRIER_CMD_GLOBAL),
+ seccomp.EqualTo(0),
+ },
+ },
syscall.SYS_MINCORE: {},
// Used by the Go runtime as a temporarily workaround for a Linux
// 5.2-5.4 bug.