Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/filter/config.go14
-rw-r--r--runsc/boot/network.go1
2 files changed, 9 insertions, 6 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 83c1fbcce..bde749861 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -211,23 +211,25 @@ var allowedSyscalls = seccomp.SyscallRules{
syscall.SYS_PREAD64: {},
syscall.SYS_PWRITE64: {},
syscall.SYS_READ: {},
- syscall.SYS_READV: []seccomp.Rule{
+ syscall.SYS_RECVMSG: []seccomp.Rule{
{
seccomp.AllowAny{},
seccomp.AllowAny{},
- seccomp.AllowValue(len(fdbased.BufConfig)),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC),
},
- },
- syscall.SYS_RECVMSG: []seccomp.Rule{
{
seccomp.AllowAny{},
seccomp.AllowAny{},
- seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC | syscall.MSG_PEEK),
},
+ },
+ syscall.SYS_RECVMMSG: []seccomp.Rule{
{
seccomp.AllowAny{},
seccomp.AllowAny{},
- seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC | syscall.MSG_PEEK),
+ seccomp.AllowValue(fdbased.MaxMsgsPerRecv),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT),
+ seccomp.AllowValue(0),
},
},
syscall.SYS_RESTART_SYSCALL: {},
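Review bot: Removing the `syscall.SYS_READV` entry means any readv still issued inside the sandbox process will now fall through to the filter's default action. The hunk does not show whether the fdbased endpoint keeps a readv dispatch path for when recvmmsg is not selected, so confirm that no caller remains before the rule is dropped. Separately, the new `syscall.SYS_RECVMMSG` rule constrains its arguments by position only; a comment such as `// fd, msgvec: any; vlen == fdbased.MaxMsgsPerRecv; flags == MSG_DONTWAIT; timeout == NULL` would make the allowlist easier to audit. The enclosing `allowedSyscalls` literal starts and ends outside the hunk.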
diff --git a/runsc/boot/network.go b/runsc/boot/network.go
index 89f186139..83d56f93a 100644
--- a/runsc/boot/network.go
+++ b/runsc/boot/network.go
@@ -140,6 +140,7 @@ func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct
EthernetHeader: true,
HandleLocal: true,
Address: mac,
+ UseRecvMMsg: true,
})
log.Infof("Enabling interface %q with id %d on addresses %+v (%v)", link.Name, nicID, link.Addresses, mac)
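Review bot: `UseRecvMMsg: true` is set unconditionally with no comment tying it to the seccomp allowlist in `runsc/boot/filter/config.go`, which in the same commit permits recvmmsg and stops permitting readv. Someone who later flips this option to false would presumably put the endpoint back on a syscall the filter no longer allows. A one-line comment above the field would record the dependency, e.g. `// Must stay in sync with the SYS_RECVMMSG rule in filter/config.go.` The enclosing `CreateLinksAndRoutes` function starts and ends outside the hunk.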