summary refs log tree commit diff
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2020-06-05 23:47:57 +0000
committerAlyssa Ross <hi@alyssa.is>2020-06-14 11:24:27 +0000
commit1e318da5b57c12f67bed3b528100dbe4ec287ac5 (patch)
tree2c5b2e2011796a9e71fbc5adcf1a85b33b04051c
parent28d9682698d287d14cbe67a0ed7acc1427add320 (diff)
downloadcrosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar.gz
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar.bz2
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar.lz
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar.xz
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.tar.zst
crosvm-1e318da5b57c12f67bed3b528100dbe4ec287ac5.zip
seccomp: allow getdents64 if getdents is allowed
This fixes a crash where crosvm would crash if run on x86_64 with
--shared-dir when running ls in the shared directory.  I suspect
whether getdents or getdents64 is used depends on the host libc, so
allow both of them.  I suspect upstream's libc uses getdents, and
that's why they haven't fixed the problem.

Message-Id: <20200605234757.28848-1-hi@alyssa.is>
-rw-r--r--seccomp/x86_64/9p_device.policy1
-rw-r--r--seccomp/x86_64/gpu_device.policy1
-rw-r--r--seccomp/x86_64/xhci.policy1
3 files changed, 3 insertions, 0 deletions
diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy
index 114ea11..271d244 100644
--- a/seccomp/x86_64/9p_device.policy
+++ b/seccomp/x86_64/9p_device.policy
@@ -18,6 +18,7 @@ unlink: 1
 rename: 1
 pread64: 1
 getdents: 1
+getdents64: 1
 mkdir: 1
 rmdir: 1
 fsync: 1
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index 331fc49..99d2a8d 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -52,6 +52,7 @@ fstat: 1
 # Used to set of size new memfd.
 ftruncate: 1
 getdents: 1
+getdents64: 1
 geteuid: 1
 getrandom: 1
 getuid: 1
diff --git a/seccomp/x86_64/xhci.policy b/seccomp/x86_64/xhci.policy
index 4b4fc3d..3448ce2 100644
--- a/seccomp/x86_64/xhci.policy
+++ b/seccomp/x86_64/xhci.policy
@@ -38,4 +38,5 @@ ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 ==
 fstat: 1
 getrandom: 1
 getdents: 1
+getdents64: 1
 lseek: 1