[PATCH crosvm] seccomp: allow getdents64 if getdents is allowed
This fixes a crash where crosvm would crash if run on x86_64 with --shared-dir when running ls in the shared directory. I suspect whether getdents or getdents64 is used depends on the host libc, so allow both of them. I suspect upstream's libc uses getdents, and that's why they haven't fixed the problem. --- This finally annoyed me enough that I decided to fix it. Michael, I think you'd also run into this issue. Want to test the fix? seccomp/x86_64/9p_device.policy | 1 + seccomp/x86_64/gpu_device.policy | 1 + seccomp/x86_64/xhci.policy | 1 + 3 files changed, 3 insertions(+) diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy index 114ea11..271d244 100644 --- a/seccomp/x86_64/9p_device.policy +++ b/seccomp/x86_64/9p_device.policy @@ -18,6 +18,7 @@ unlink: 1 rename: 1 pread64: 1 getdents: 1 +getdents64: 1 mkdir: 1 rmdir: 1 fsync: 1 diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy index 331fc49..99d2a8d 100644 --- a/seccomp/x86_64/gpu_device.policy +++ b/seccomp/x86_64/gpu_device.policy @@ -52,6 +52,7 @@ fstat: 1 # Used to set of size new memfd. ftruncate: 1 getdents: 1 +getdents64: 1 geteuid: 1 getrandom: 1 getuid: 1 diff --git a/seccomp/x86_64/xhci.policy b/seccomp/x86_64/xhci.policy index 4b4fc3d..3448ce2 100644 --- a/seccomp/x86_64/xhci.policy +++ b/seccomp/x86_64/xhci.policy @@ -38,4 +38,5 @@ ioctl: arg1 == 0xc0185500 || arg1 == 0x41045508 || arg1 == 0x8004550f || arg1 == fstat: 1 getrandom: 1 getdents: 1 +getdents64: 1 lseek: 1 -- 2.26.2
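Review bot: In seccomp/x86_64/9p_device.policy the new `getdents64: 1` line has no comment saying why both directory-reading syscalls are listed. A one-line comment above it, noting that the host libc may issue either `getdents` or `getdents64`, would keep a later cleanup from dropping one of them as redundant. gpu_device.policy in this same patch already carries comments of this kind (`# Used to set of size new memfd.`). The permission itself is no wider than the existing `getdents: 1`, since both calls read entries from an already open directory descriptor.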
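Review bot: The `getdents64: 1` addition in seccomp/x86_64/gpu_device.policy is not covered by the crash described in the commit message, which only mentions `ls` in a `--shared-dir` directory. If the GPU device change follows from the subject's rule (allow `getdents64` wherever `getdents` is allowed) rather than from an observed seccomp kill, the message should say so, and say which of the three policies were actually exercised, so a reader can tell tested changes from preventive ones.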
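Review bot: The xhci.policy hunk, like the other two, touches only seccomp/x86_64/, and the diffstat shows no other architecture directory. If the choice of syscall depends on the host libc as the message suspects, any other per-architecture policy that lists `getdents: 1` without `getdents64: 1` would hit the same failure. Either extend the change to those files or state in the commit message that the fix is x86_64 only on purpose.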
participants (1)
- Alyssa Ross