From ec57aade1563075e37b8e9ccc0b85fe2c04a54b8 Mon Sep 17 00:00:00 2001
From: Matt Moriarity <matt@mattmoriarity.com>
Date: Thu, 13 Nov 2025 08:52:43 -0700
Subject: [PATCH] seccomp: allow sendto for vsock thread

as of rust 1.90, writes to unix socket streams use send_with_flags
instead of write, so it uses a sendto syscall instead of write.

Signed-off-by: Matt Moriarity <matt@mattmoriarity.com>
---
 virtio-devices/src/seccomp_filters.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/virtio-devices/src/seccomp_filters.rs b/virtio-devices/src/seccomp_filters.rs
index 5986e72ea..26d1445f6 100644
--- a/virtio-devices/src/seccomp_filters.rs
+++ b/virtio-devices/src/seccomp_filters.rs
@@ -239,6 +239,7 @@ fn virtio_vsock_thread_rules() -> Vec<(i64, Vec<SeccompRule>)> {
         (libc::SYS_connect, vec![]),
         (libc::SYS_ioctl, create_vsock_ioctl_seccomp_rule()),
         (libc::SYS_recvfrom, vec![]),
+        (libc::SYS_sendto, vec![]),
         (libc::SYS_socket, vec![]),
         // If debug_assertions is enabled, closing a file first checks
         // whether the FD is valid with fcntl.