seccomp: add sendto, writev, and readv to common seccomp policies

Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that. TEST=use syslog from C BUG=chromium:988082 Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
author: Zach Reizner <zachr@google.com> 2019-07-26 13:24:35 -0700
committer: Commit Bot <commit-bot@chromium.org> 2019-07-27 03:50:22 +0000
commit: 2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b (patch)
tree: a969caeced975ad998b372ded7c66de559bf04c5 /seccomp
parent: 92e75f0e2ae71321053d1529ba2acc797ce955b5 (diff)
download: crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.gz
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.bz2
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.lz
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.xz
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.zst
crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.zip
3 files changed, 9 insertions, 0 deletions
diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy
index d2b5a6b..7340145 100644
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recv: 1
 recvfrom: 1
 recvmsg: 1
@@ -39,6 +40,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
diff --git a/seccomp/x86_64/common_device.policy b/seccomp/x86_64/common_device.policy
index 2379b95..81ebb18 100644
--- a/seccomp/x86_64/common_device.policy
+++ b/seccomp/x86_64/common_device.policy
@@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@@ -38,6 +39,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index b6caa82..ac7292d 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -28,6 +28,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@@ -36,9 +37,11 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
 
 # Rules specific to gpu
 connect: 1
author	Zach Reizner <zachr@google.com>	2019-07-26 13:24:35 -0700
committer	Commit Bot <commit-bot@chromium.org>	2019-07-27 03:50:22 +0000
commit	2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b (patch)
tree	a969caeced975ad998b372ded7c66de559bf04c5 /seccomp
parent	92e75f0e2ae71321053d1529ba2acc797ce955b5 (diff)
download	crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.gz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.bz2 crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.lz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.xz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.zst crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.zip