diff options
| -rw-r--r-- | seccomp/x86_64/balloon_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/block_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/net_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/rng_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/vhost_net_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/vhost_vsock_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/wl_device.policy | 1 |
7 files changed, 7 insertions, 0 deletions
diff --git a/seccomp/x86_64/balloon_device.policy b/seccomp/x86_64/balloon_device.policy index aa55273..8f56d4e 100644 --- a/seccomp/x86_64/balloon_device.policy +++ b/seccomp/x86_64/balloon_device.policy @@ -22,6 +22,7 @@ write: 1 eventfd2: 1 dup: 1 poll: 1 +ppoll: 1 getpid: 1 # Allow PR_SET_NAME only. prctl: arg0 == 15 diff --git a/seccomp/x86_64/block_device.policy b/seccomp/x86_64/block_device.policy index 55e50a3..ff5bc8f 100644 --- a/seccomp/x86_64/block_device.policy +++ b/seccomp/x86_64/block_device.policy @@ -25,6 +25,7 @@ clone: arg0 & 0x00010000 write: 1 eventfd2: 1 poll: 1 +ppoll: 1 getpid: 1 # Allow PR_SET_NAME only. prctl: arg0 == 15 diff --git a/seccomp/x86_64/net_device.policy b/seccomp/x86_64/net_device.policy index 6820665..af90a4d 100644 --- a/seccomp/x86_64/net_device.policy +++ b/seccomp/x86_64/net_device.policy @@ -13,6 +13,7 @@ mmap: arg2 in 0xfffffffb mprotect: arg2 in 0xfffffffb munmap: 1 poll: 1 +ppoll: 1 read: 1 recvfrom: 1 sched_getaffinity: 1 diff --git a/seccomp/x86_64/rng_device.policy b/seccomp/x86_64/rng_device.policy index 4eeb7ed..7b9a2cc 100644 --- a/seccomp/x86_64/rng_device.policy +++ b/seccomp/x86_64/rng_device.policy @@ -22,6 +22,7 @@ clone: arg0 & 0x00010000 write: 1 eventfd2: 1 poll: 1 +ppoll: 1 getpid: 1 # Allow PR_SET_NAME only. prctl: arg0 == 15 diff --git a/seccomp/x86_64/vhost_net_device.policy b/seccomp/x86_64/vhost_net_device.policy index d64dd81..254c1c6 100644 --- a/seccomp/x86_64/vhost_net_device.policy +++ b/seccomp/x86_64/vhost_net_device.policy @@ -30,6 +30,7 @@ mmap: arg2 in 0xfffffffb mprotect: arg2 in 0xfffffffb munmap: 1 poll: 1 +ppoll: 1 read: 1 recvfrom: 1 sched_getaffinity: 1 diff --git a/seccomp/x86_64/vhost_vsock_device.policy b/seccomp/x86_64/vhost_vsock_device.policy index 5b21d51..b04b51c 100644 --- a/seccomp/x86_64/vhost_vsock_device.policy +++ b/seccomp/x86_64/vhost_vsock_device.policy @@ -31,6 +31,7 @@ mmap: arg2 in 0xfffffffb mprotect: arg2 in 0xfffffffb munmap: 1 poll: 1 +ppoll: 1 read: 1 connect: 1 sendto: 1 diff --git a/seccomp/x86_64/wl_device.policy b/seccomp/x86_64/wl_device.policy index bc1ebb6..cf7fb96 100644 --- a/seccomp/x86_64/wl_device.policy +++ b/seccomp/x86_64/wl_device.policy @@ -10,6 +10,7 @@ mmap: arg2 in 0xfffffffb mprotect: arg2 in 0xfffffffb munmap: 1 poll: 1 +ppoll: 1 read: 1 recvfrom: 1 sched_getaffinity: 1 |