
Commit bfcf33d

Alexandra Iordachealxiord
Alexandra Iordache
authored andcommitted
seccomp: whitelist KVM_GET_DIRTY_LOG ioctl
Fixes #847 Signed-off-by: Alexandra Iordache <[email protected]>
1 parent 523dab6 commit bfcf33d


1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

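--- a/vmm/src/default_syscalls.rs
+++ b/vmm/src/default_syscalls.rs
@@ -70,6 +70,7 @@ const KVM_CREATE_VM: u64 = 0xae01;
 const KVM_CHECK_EXTENSION: u64 = 0xae03;
 const KVM_GET_VCPU_MMAP_SIZE: u64 = 0xae04;
 const KVM_CREATE_VCPU: u64 = 0xae41;
+const KVM_GET_DIRTY_LOG: u64 = 0x4010ae42;
 const KVM_SET_TSS_ADDR: u64 = 0xae47;
 const KVM_CREATE_IRQCHIP: u64 = 0xae60;
 const KVM_RUN: u64 = 0xae80;
@@ -267,6 +268,14 @@ pub fn default_context() -> Result<SeccompFilterContext, Error> {
 vec![SeccompCondition::new(1, SeccompCmpOp::Eq, KVM_CREATE_VCPU)?],
 SeccompAction::Allow,
 ),
+SeccompRule::new(
+vec![SeccompCondition::new(
+1,
+SeccompCmpOp::Eq,
+KVM_GET_DIRTY_LOG,
+)?],
+SeccompAction::Allow,
+),
 SeccompRule::new(
 vec![SeccompCondition::new(1, SeccompCmpOp::Eq, KVM_IOEVENTFD)?],
 SeccompAction::Allow,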
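Review bot: The new constant `KVM_GET_DIRTY_LOG` (new line 73) has no comment explaining how `0x4010ae42` was derived, and it is the only value in this hunk that carries ioctl direction and size bits; its visible neighbours are plain `0xaeNN` numbers. A one-line comment would let a later audit of the allow-list check the value against the kernel header, for example `// _IOW(KVMIO, 0x42, struct kvm_dirty_log): write direction, 16-byte argument; assumes the generic _IOC bit layout`. The hard-coded value would presumably differ on architectures that use a different `_IOC` layout, so the comment should name the targets it is valid for. The added rule in `default_context` (new lines 271-278) compares only argument 1 with `SeccompCmpOp::Eq`, as the neighbouring rules do. If that argument is the ioctl request number, the allow applies to any file descriptor, so a short comment naming the code path that needs this ioctl would also help. The body of `default_context` starts and ends outside the hunk.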
