diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-10-06 20:58:25 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-10-06 20:58:25 +0000 |
commit | 2eb23dc26e781a4257c3b2e15d379f19ee564bc4 (patch) | |
tree | c421bae79411ba0d375617f1f33ff0241c466428 /runsc/boot | |
parent | d4b4f987ea7705c819cd9da8ca9529784a30d745 (diff) | |
parent | 1336af78d5dc2a6bc54d22ed45f4dd4793c2f964 (diff) |
Merge release-20200928.0-55-g1336af78d (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/filter/config.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 6ac19668f..a7c4ebb0c 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -162,6 +162,12 @@ var allowedSyscalls = seccomp.SyscallRules{ }, syscall.SYS_LSEEK: {}, syscall.SYS_MADVISE: {}, + unix.SYS_MEMBARRIER: []seccomp.Rule{ + { + seccomp.EqualTo(linux.MEMBARRIER_CMD_GLOBAL), + seccomp.EqualTo(0), + }, + }, syscall.SYS_MINCORE: {}, // Used by the Go runtime as a temporarily workaround for a Linux // 5.2-5.4 bug. |