From a70445aa3b7bfef71b7ee888eaf614c83ded3c59 Mon Sep 17 00:00:00 2001
From: Yunlian Jiang
Date: Fri, 19 Oct 2018 12:04:45 -0700
Subject: crosvm: add openat to seccomp

This adds openat to a seccomp policy file if open is already there. We need this because glibc 2.25 changed it system call for open().

BUG=chromium:894614
TEST=None

Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang
Tested-by: Yunlian Jiang
Reviewed-by: Manoj Gupta
---
 seccomp/x86_64/9p_device.policy | 1 +
 seccomp/x86_64/9s.policy | 1 +
 seccomp/x86_64/gpu_device.policy | 1 +
 3 files changed, 3 insertions(+)

(limited to 'seccomp/x86_64')

diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy
index 6a9d64a..f86d7b3 100644
--- a/seccomp/x86_64/9p_device.policy
+++ b/seccomp/x86_64/9p_device.policy
@@ -12,6 +12,7 @@ stat: 1
 lstat: 1
 close: 1
 open: 1
+openat: 1
 fstat: 1
 # ioctl(fd, FIOCLEX, 0) is equivalent to fcntl(fd, F_SETFD, FD_CLOEXEC).
 ioctl: arg1 == FIOCLEX
diff --git a/seccomp/x86_64/9s.policy b/seccomp/x86_64/9s.policy
index 22600bf..400cca3 100644
--- a/seccomp/x86_64/9s.policy
+++ b/seccomp/x86_64/9s.policy
@@ -7,6 +7,7 @@ write: 1
 lstat: 1
 stat: 1
 open: 1
+openat: 1
 close: 1
 fstat: 1
 getdents: 1
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index de16d39..691060a 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -3,6 +3,7 @@
 # found in the LICENSE file.
 
 open: 1
+openat: 1
 close: 1
 sigaltstack: 1
 munmap: 1
-- 
cgit 1.4.1
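Review bot: The new `openat: 1` rule in seccomp/x86_64/9p_device.policy carries no comment saying why `open` and `openat` are both allowed, and the same holds for the identical additions in 9s.policy and gpu_device.policy. The reason is only in the commit message, so I would put it beside the rule, for example `# glibc 2.25 implements open() with the openat syscall, so both must be allowed.` Since `open: 1` is already unconditional in all three files, the addition does not appear to widen file access by itself, but the two entries are now coupled: an argument filter later placed on `open` would restrict nothing unless `openat` gets the same filter, and the comment should say so. Each hunk shows only part of its policy file, and the diffstat is limited to seccomp/x86_64, so policies for other architectures cannot be checked from here.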