3 files changed, 8 insertions, 3 deletions

diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 1828d116a..98cdd90dd 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -230,8 +230,10 @@ var allowedSyscalls = seccomp.SyscallRules{
 	syscall.SYS_PPOLL:     {},
 	syscall.SYS_PREAD64:   {},
 	syscall.SYS_PREADV:    {},
+	unix.SYS_PREADV2:      {},
 	syscall.SYS_PWRITE64:  {},
 	syscall.SYS_PWRITEV:   {},
+	unix.SYS_PWRITEV2:     {},
 	syscall.SYS_READ:      {},
 	syscall.SYS_RECVMSG: []seccomp.Rule{
 		{
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 8c8bad11c..f802bc9fb 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -334,7 +334,10 @@ func New(args Args) (*Loader, error) {
 
 	if kernel.VFS2Enabled {
 		// Set up host mount that will be used for imported fds.
-		hostFilesystem := hostvfs2.NewFilesystem(k.VFS())
+		hostFilesystem, err := hostvfs2.NewFilesystem(k.VFS())
+		if err != nil {
+			return nil, fmt.Errorf("failed to create hostfs filesystem: %v", err)
+		}
 		defer hostFilesystem.DecRef()
 		hostMount, err := k.VFS().NewDisconnectedMount(hostFilesystem, nil, &vfs.MountOptions{})
 		if err != nil {
diff --git a/runsc/boot/vfs.go b/runsc/boot/vfs.go
index d1397ed2c..b94211866 100644
--- a/runsc/boot/vfs.go
+++ b/runsc/boot/vfs.go
@@ -301,8 +301,8 @@ func (c *containerMounter) getMountNameAndOptionsVFS2(conf *Config, m specs.Moun
 }
 
 // p9MountOptions creates a slice of options for a p9 mount.
-// TODO(gvisor.dev/issue/1200): Remove this version in favor of the one in
-// fs.go when privateunixsocket lands.
+// TODO(gvisor.dev/issue/1624): Remove this version once privateunixsocket is
+// deleted, along with the rest of VFS1.
 func p9MountOptionsVFS2(fd int, fa FileAccessType) []string {
 	opts := []string{
 		"trans=fd",