summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorJamie Liu <jamieliu@google.com>2020-10-06 13:53:26 -0700
committergVisor bot <gvisor-bot@google.com>2020-10-06 13:55:16 -0700
commit1336af78d5dc2a6bc54d22ed45f4dd4793c2f964 (patch)
tree17caf73cd5ff66b1ef78f886e6efeaa71e6aca20 /runsc/boot
parent3dc3fb2375e9b2296611734980e8ae38334622de (diff)
Implement membarrier(2) commands other than *_SYNC_CORE.
Updates #267 PiperOrigin-RevId: 335713923
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 6ac19668f..a7c4ebb0c 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -162,6 +162,12 @@ var allowedSyscalls = seccomp.SyscallRules{
},
syscall.SYS_LSEEK: {},
syscall.SYS_MADVISE: {},
+ unix.SYS_MEMBARRIER: []seccomp.Rule{
+ {
+ seccomp.EqualTo(linux.MEMBARRIER_CMD_GLOBAL),
+ seccomp.EqualTo(0),
+ },
+ },
syscall.SYS_MINCORE: {},
// Used by the Go runtime as a temporarily workaround for a Linux
// 5.2-5.4 bug.