Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/boot/filter/config.go | 14 | ||||
-rw-r--r-- | runsc/boot/network.go | 1 |
2 files changed, 9 insertions, 6 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 83c1fbcce..bde749861 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -211,23 +211,25 @@ var allowedSyscalls = seccomp.SyscallRules{
 syscall.SYS_PREAD64: {},
 syscall.SYS_PWRITE64: {},
 syscall.SYS_READ: {},
- syscall.SYS_READV: []seccomp.Rule{
+ syscall.SYS_RECVMSG: []seccomp.Rule{
 {
 seccomp.AllowAny{},
 seccomp.AllowAny{},
- seccomp.AllowValue(len(fdbased.BufConfig)),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC),
 },
- },
- syscall.SYS_RECVMSG: []seccomp.Rule{
 {
 seccomp.AllowAny{},
 seccomp.AllowAny{},
- seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC | syscall.MSG_PEEK),
 },
+ },
+ syscall.SYS_RECVMMSG: []seccomp.Rule{
 {
 seccomp.AllowAny{},
 seccomp.AllowAny{},
- seccomp.AllowValue(syscall.MSG_DONTWAIT | syscall.MSG_TRUNC | syscall.MSG_PEEK),
+ seccomp.AllowValue(fdbased.MaxMsgsPerRecv),
+ seccomp.AllowValue(syscall.MSG_DONTWAIT),
+ seccomp.AllowValue(0),
 },
 },
 syscall.SYS_RESTART_SYSCALL: {},
diff --git a/runsc/boot/network.go b/runsc/boot/network.go
index 89f186139..83d56f93a 100644
--- a/runsc/boot/network.go
+++ b/runsc/boot/network.go
@@ -140,6 +140,7 @@ func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct
 EthernetHeader: true,
 HandleLocal: true,
 Address: mac,
+ UseRecvMMsg: true,
 })
 log.Infof("Enabling interface %q with id %d on addresses %+v (%v)", link.Name, nicID, link.Addresses, mac) |
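Review bot: The new `syscall.SYS_RECVMMSG` rule is positional and uncommented, so an auditor has to recall the recvmmsg signature to see that it pins vlen, flags and a NULL timeout while leaving fd and msgvec open. I would add a comment above the rule such as `// fd, msgvec: any; vlen == fdbased.MaxMsgsPerRecv; flags == MSG_DONTWAIT; timeout == NULL`. The same hunk removes `syscall.SYS_READV` from the allowlist outright, and the network.go hunk hard-codes `UseRecvMMsg: true`, so the filter and the endpoint option now have to change together. Presumably a dispatcher that fell back to readv, or that called recvmmsg with a different vlen or flags, would hit the seccomp default action, so it is worth confirming no readv caller remains in the sandbox process. A one-line comment next to `UseRecvMMsg: true` pointing at runsc/boot/filter/config.go would record that coupling; the `allowedSyscalls` literal and `CreateLinksAndRoutes` both continue outside their hunks.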