From 2904dc02dfb79e2ea2791f97db4e06b56567dabb Mon Sep 17 00:00:00 2001
From: Songqian Li <sionli@tencent.com>
Date: Tue, 11 Jun 2024 20:49:35 +0800
Subject: [PATCH] vmm: add syscalls to seccomp filters for sending SIGTERM

Add lstat and getcwd to allowed seccomp filter list since they
 are called in libc::kill.

Signed-off-by: Songqian Li <sionli@tencent.com>
---
 vmm/src/seccomp_filters.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vmm/src/seccomp_filters.rs b/vmm/src/seccomp_filters.rs
index 7215d4d040..ece0fccb45 100644
--- a/vmm/src/seccomp_filters.rs
+++ b/vmm/src/seccomp_filters.rs
@@ -688,6 +688,9 @@ fn vmm_thread_rules(
         (libc::SYS_wait4, vec![]),
         (libc::SYS_write, vec![]),
         (libc::SYS_writev, vec![]),
+        #[cfg(target_arch = "x86_64")]
+        (libc::SYS_lstat, vec![]),
+        (libc::SYS_getcwd, vec![]),
     ])
 }