-rw-r--r-- | pkg/sentry/platform/kvm/machine_unsafe.go | 4 | ||||
-rw-r--r-- | runsc/boot/filter/config.go | 1 |
2 files changed, 2 insertions, 3 deletions
diff --git a/pkg/sentry/platform/kvm/machine_unsafe.go b/pkg/sentry/platform/kvm/machine_unsafe.go
index 4f5b01321..38c1f102f 100644
--- a/pkg/sentry/platform/kvm/machine_unsafe.go
+++ b/pkg/sentry/platform/kvm/machine_unsafe.go
@@ -88,7 +88,7 @@ func (c *vCPU) notify() {
 _, _, errno := syscall.RawSyscall6(
 syscall.SYS_FUTEX,
 uintptr(unsafe.Pointer(&c.state)),
- linux.FUTEX_WAKE,
+ linux.FUTEX_WAKE|linux.FUTEX_PRIVATE_FLAG,
 ^uintptr(0), // Number of waiters.
 0, 0, 0)
 if errno != 0 {
@@ -106,7 +106,7 @@ func (c *vCPU) waitUntilNot(state uint32) {
 _, _, errno := syscall.Syscall6(
 syscall.SYS_FUTEX,
 uintptr(unsafe.Pointer(&c.state)),
- linux.FUTEX_WAIT,
+ linux.FUTEX_WAIT|linux.FUTEX_PRIVATE_FLAG,
 uintptr(state),
 0, 0, 0)
 if errno != 0 && errno != syscall.EINTR && errno != syscall.EAGAIN {
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 378396b9b..83c1fbcce 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -438,7 +438,6 @@ func ptraceFilters() seccomp.SyscallRules {
 func kvmFilters() seccomp.SyscallRules {
 return seccomp.SyscallRules{
 syscall.SYS_ARCH_PRCTL: {},
- syscall.SYS_FUTEX: {},
 syscall.SYS_IOCTL: {},
 syscall.SYS_MMAP: {},
 syscall.SYS_RT_SIGSUSPEND: {}, |
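Review bot: The futex op passed in notify() now has to match the seccomp allowlist exactly, and nothing at the call site records that coupling; the same applies to the op in waitUntilNot(). With the unrestricted `syscall.SYS_FUTEX: {}` entry dropped from kvmFilters(), both calls presumably depend on a narrower futex rule defined elsewhere in the filter configuration, which this diff does not show, so a later edit to either op would only surface as a seccomp violation at runtime on the KVM platform. I would add a comment above each op, for example `// Private futex: must stay in sync with the futex rule in runsc/boot/filter; c.state is assumed process-local.`, and confirm that the remaining rule admits both `FUTEX_WAKE|FUTEX_PRIVATE_FLAG` and `FUTEX_WAIT|FUTEX_PRIVATE_FLAG`. The wait and wake sides also need to keep the same flag, because a private wake does not match a waiter queued with a shared op on the same address. Both function bodies continue outside their hunks.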