From bbcf69c58c4ceffd4b045f64a56a14ded747f597 Mon Sep 17 00:00:00 2001
From: Rob Bradford <robert.bradford@intel.com>
Date: Tue, 15 Mar 2022 15:22:46 +0000
Subject: [PATCH] virtio-devices: seccomp: Add pread64/pwrite64 sycalls for
 virtio-fs

These syscalls are explicitly used in the code:

https://github.com/cloud-hypervisor/cloud-hypervisor/blob/3593055e776a7b570826d43c52cba9ca1f66e261/virtio-devices/src/vhost_user/fs.rs#L237

Fixes: #3843

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
---
 virtio-devices/src/seccomp_filters.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index 5939cc29d..66ce65a2d 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -160,6 +160,8 @@ fn virtio_vhost_fs_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {
     vec![
         (libc::SYS_connect, vec![]),
         (libc::SYS_nanosleep, vec![]),
+        (libc::SYS_pread64, vec![]),
+        (libc::SYS_pwrite64, vec![]),
         (libc::SYS_recvmsg, vec![]),
         (libc::SYS_sendmsg, vec![]),
         (libc::SYS_sendto, vec![]),