From d71f5ef6885b9c241018308944e4b2e4b4857029 Mon Sep 17 00:00:00 2001 From: Michael Pratt Date: Thu, 14 Jun 2018 10:10:09 -0700 Subject: Add nanosleep filter for Go 1.11 support golang.org/cl/108538 replaces pselect6 with nanosleep in runtime.usleep. Update the filters accordingly. PiperOrigin-RevId: 200574612 Change-Id: Ifb2296fcb3781518fc047aabbbffedb9ae488cd7 --- runsc/boot/filter/BUILD | 2 ++ runsc/boot/filter/config.go | 1 - runsc/boot/filter/config_go110.go | 30 ++++++++++++++++++++++++++++++ runsc/boot/filter/config_go111.go | 27 +++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 runsc/boot/filter/config_go110.go create mode 100644 runsc/boot/filter/config_go111.go (limited to 'runsc/boot') diff --git a/runsc/boot/filter/BUILD b/runsc/boot/filter/BUILD index fd1b18717..c9837c236 100644 --- a/runsc/boot/filter/BUILD +++ b/runsc/boot/filter/BUILD @@ -6,6 +6,8 @@ go_library( name = "filter", srcs = [ "config.go", + "config_go110.go", + "config_go111.go", "extra_filters.go", "extra_filters_msan.go", "extra_filters_race.go", diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 86c256c5b..4e286c5da 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -61,7 +61,6 @@ var allowedSyscalls = seccomp.SyscallRules{ syscall.SYS_NEWFSTATAT: {}, syscall.SYS_POLL: {}, syscall.SYS_PREAD64: {}, - syscall.SYS_PSELECT6: {}, syscall.SYS_PWRITE64: {}, syscall.SYS_READ: {}, syscall.SYS_READLINKAT: {}, diff --git a/runsc/boot/filter/config_go110.go b/runsc/boot/filter/config_go110.go new file mode 100644 index 000000000..f4feb4ce4 --- /dev/null +++ b/runsc/boot/filter/config_go110.go @@ -0,0 +1,30 @@ +// Copyright 2018 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !go1.11 + +package filter + +import ( + "syscall" + + "gvisor.googlesource.com/gvisor/pkg/seccomp" +) + +// TODO: Remove this file and merge config_go111.go back into +// config.go once we no longer build with Go 1.10. + +func init() { + allowedSyscalls[syscall.SYS_PSELECT6] = []seccomp.Rule{} +} diff --git a/runsc/boot/filter/config_go111.go b/runsc/boot/filter/config_go111.go new file mode 100644 index 000000000..f5eb2c3c8 --- /dev/null +++ b/runsc/boot/filter/config_go111.go @@ -0,0 +1,27 @@ +// Copyright 2018 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build go1.11 + +package filter + +import ( + "syscall" + + "gvisor.googlesource.com/gvisor/pkg/seccomp" +) + +func init() { + allowedSyscalls[syscall.SYS_NANOSLEEP] = []seccomp.Rule{} +} -- cgit v1.2.3