From 313e1988c4609c74ada99c1a5e9ecde56c313125 Mon Sep 17 00:00:00 2001
From: Michael Pratt <mpratt@google.com>
Date: Fri, 18 Sep 2020 09:54:00 -0700
Subject: Drop ARCH_GET_FS

Go does not call arch_prctl(ARCH_GET_FS), nor am I sure it ever did. Drop the
filter.

PiperOrigin-RevId: 332470532
---
 runsc/boot/filter/config_amd64.go    | 1 -
 runsc/fsgofer/filter/config_amd64.go | 1 -
 2 files changed, 2 deletions(-)

(limited to 'runsc')

diff --git a/runsc/boot/filter/config_amd64.go b/runsc/boot/filter/config_amd64.go
index 9b1799416..24e13565e 100644
--- a/runsc/boot/filter/config_amd64.go
+++ b/runsc/boot/filter/config_amd64.go
@@ -25,7 +25,6 @@ import (
 
 func init() {
 	allowedSyscalls[syscall.SYS_ARCH_PRCTL] = append(allowedSyscalls[syscall.SYS_ARCH_PRCTL],
-		seccomp.Rule{seccomp.EqualTo(linux.ARCH_GET_FS)},
 		seccomp.Rule{seccomp.EqualTo(linux.ARCH_SET_FS)},
 	)
 }
diff --git a/runsc/fsgofer/filter/config_amd64.go b/runsc/fsgofer/filter/config_amd64.go
index 53506b5e1..39f9851a8 100644
--- a/runsc/fsgofer/filter/config_amd64.go
+++ b/runsc/fsgofer/filter/config_amd64.go
@@ -25,7 +25,6 @@ import (
 
 func init() {
 	allowedSyscalls[syscall.SYS_ARCH_PRCTL] = []seccomp.Rule{
-		{seccomp.EqualTo(linux.ARCH_GET_FS)},
 		{seccomp.EqualTo(linux.ARCH_SET_FS)},
 	}
 
-- 
cgit v1.2.3