From a5170fd825efbea0550137b5979f7bd08398aa55 Mon Sep 17 00:00:00 2001
From: Michael Pratt
Date: Thu, 10 Oct 2019 13:39:55 -0700
Subject: Allow rt_sigreturn in runsc gofer

rt_sigreturn is required for signal handling (e.g., SIGSEGV for nil-pointer dereference). Before this, nil-pointer dereferences cause a syscall violation instead of a panic.
PiperOrigin-RevId: 274028767
---
 runsc/fsgofer/filter/config.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/runsc/fsgofer/filter/config.go b/runsc/fsgofer/filter/config.go
index c7922b54f..0bf7507b7 100644
--- a/runsc/fsgofer/filter/config.go
+++ b/runsc/fsgofer/filter/config.go
@@ -177,6 +177,7 @@ var allowedSyscalls = seccomp.SyscallRules{
 syscall.SYS_RENAMEAT: {},
 syscall.SYS_RESTART_SYSCALL: {},
 syscall.SYS_RT_SIGPROCMASK: {},
+ syscall.SYS_RT_SIGRETURN: {},
 syscall.SYS_SCHED_YIELD: {},
 syscall.SYS_SENDMSG: []seccomp.Rule{
 // Used by fdchannel.Endpoint.SendFD().
-- cgit v1.2.3
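Review bot: The new `syscall.SYS_RT_SIGRETURN: {},` entry carries no comment saying why the gofer needs it, while the neighbouring `SYS_SENDMSG` rule documents its caller. The reason exists only in the commit message; I would put it beside the entry, e.g. `// Needed to return from signal handlers; without it a nil-pointer SIGSEGV is a seccomp violation instead of a Go panic.` An unconditional `{}` rule looks appropriate here since rt_sigreturn takes no arguments, but every allowlist entry widens what a compromised gofer process may call, so the justification should live in the filter itself where the next audit will read it. The `allowedSyscalls` literal starts before and continues past this hunk, so the remaining entries could not be checked from here.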