dsg/cloud-hypervisor
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

seccomp: allow sendto for vsock thread

Browse source 
as of rust 1.90, writes to unix socket streams use send_with_flags
instead of write, so it uses a sendto syscall instead of write.

Signed-off-by: Matt Moriarity <matt@mattmoriarity.com>
This commit is contained in:
Matt Moriarity 2025-11-13 08:52:43 -07:00 committed by Bo Chen
parent 02da2f2d36
commit ec57aade15
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
virtio-devices/src/seccomp_filters.rs
View file

@ -239,6 +239,7 @@ fn virtio_vsock_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {
(libc::SYS_connect, vec![]),
(libc::SYS_ioctl, create_vsock_ioctl_seccomp_rule()),
(libc::SYS_recvfrom, vec![]),
(libc::SYS_sendto, vec![]),
(libc::SYS_socket, vec![]),
// If debug_assertions is enabled, closing a file first checks
// whether the FD is valid with fcntl.