summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
authorTing-Yu Wang <anivia@google.com>2020-07-15 15:04:10 -0700
committergVisor bot <gvisor-bot@google.com>2020-07-15 15:05:32 -0700
commitdb653bb34baeba24b8b658eb0985e4c5185344cb (patch)
treea71ac8d63cfc06983b94d7c4aca40ec5272baf0c /runsc
parent857d03f258ffafb815698917f2a1ee9e7e265464 (diff)
fdbased: Vectorized write for packet; relax writev syscall filter.
Now it calls pkt.Data.ToView() when writing the packet. This may require copying when the packet is large, which puts the worse case in an even worse situation. This sent out in a separate preparation change as it requires syscall filter changes. This change will be followed by the change for the adoption of the new PacketHeader API. PiperOrigin-RevId: 321447003
Diffstat (limited to 'runsc')
-rw-r--r--runsc/boot/filter/config.go11
1 files changed, 2 insertions, 9 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 60e33425f..149eb0b1b 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -310,19 +310,12 @@ var allowedSyscalls = seccomp.SyscallRules{
},
},
syscall.SYS_WRITE: {},
- // The only user in rawfile.NonBlockingWrite3 always passes iovcnt with
- // values 2 or 3. Three iovec-s are passed, when the PACKET_VNET_HDR
- // option is enabled for a packet socket.
+ // For rawfile.NonBlockingWriteIovec.
syscall.SYS_WRITEV: []seccomp.Rule{
{
seccomp.AllowAny{},
seccomp.AllowAny{},
- seccomp.AllowValue(2),
- },
- {
- seccomp.AllowAny{},
- seccomp.AllowAny{},
- seccomp.AllowValue(3),
+ seccomp.GreaterThan(0),
},
},
}