vmm: add syscalls to seccomp filters for sending SIGTERM

Add lstat and getcwd to allowed seccomp filter list since they are called in libc::kill. Signed-off-by: Songqian Li <sionli@tencent.com>
cloud-hypervisor · Jun 11, 2024 · 2904dc0 · 2904dc0
1 parent b020ed7
commit 2904dc0
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
@@ -688,6 +688,9 @@ fn vmm_thread_rules(
         (libc::SYS_wait4, vec![]),
         (libc::SYS_write, vec![]),
         (libc::SYS_writev, vec![]),
+        #[cfg(target_arch = "x86_64")]
+        (libc::SYS_lstat, vec![]),
+        (libc::SYS_getcwd, vec![]),
     ])
 }