authorgVisor bot <gvisor-bot@google.com>2020-07-15 22:20:36 +0000
committergVisor bot <gvisor-bot@google.com>2020-07-15 22:20:36 +0000
commitc75b9053f6dd6312317c0c5d9ba36f8f00db8e88 (patch)
tree94f7a049b70d4dd929d1ea74e7df336fb42569ea /runsc/boot
parenta89a57d437616c9d2463a8d78c37080e4d6edf19 (diff)
parentdb653bb34baeba24b8b658eb0985e4c5185344cb (diff)
Merge release-20200622.1-164-gdb653bb34 (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go11
1 files changed, 2 insertions, 9 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 60e33425f..149eb0b1b 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -310,19 +310,12 @@ var allowedSyscalls = seccomp.SyscallRules{
},
},
syscall.SYS_WRITE: {},
- // The only user in rawfile.NonBlockingWrite3 always passes iovcnt with
- // values 2 or 3. Three iovec-s are passed, when the PACKET_VNET_HDR
- // option is enabled for a packet socket.
+ // For rawfile.NonBlockingWriteIovec.
syscall.SYS_WRITEV: []seccomp.Rule{
{
seccomp.AllowAny{},
seccomp.AllowAny{},
- seccomp.AllowValue(2),
- },
- {
- seccomp.AllowAny{},
- seccomp.AllowAny{},
- seccomp.AllowValue(3),
+ seccomp.GreaterThan(0),
},
},
}
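Review bot: The `syscall.SYS_WRITEV` rule now bounds the third argument (iovcnt) only from below with `seccomp.GreaterThan(0)`, where the removed rules pinned it to exactly 2 or 3, and the replacement comment no longer records which values the caller really passes or why. Because this table is the sandbox's host-syscall allowlist, the widening deserves a stated reason next to the rule, for example `// For rawfile.NonBlockingWriteIovec; iovcnt varies with the number of buffers in the packet, so only iovcnt > 0 is enforced here.` (wording to be confirmed against the caller, which is not visible in this hunk). If the caller has a small fixed maximum number of iovecs, keeping an explicit upper limit, or enumerating the counts with `seccomp.AllowValue` as before, would preserve more of the defense-in-depth this filter provides. The `allowedSyscalls` literal begins outside the hunk, so other rules that may interact with this one were not reviewed.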