seccomp: add sendto, writev, and readv to common seccomp policies

Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that. TEST=use syslog from C BUG=chromium:988082 Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
2025-02-05 18:20:34 +00:00 · 2019-07-26 13:24:35 -07:00 · 2019-07-26 13:24:35 -07:00 · 2ea297ac76
commit 2ea297ac76
parent 92e75f0e2a
3 changed files with 9 additions and 0 deletions
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recv: 1
 recvfrom: 1
 recvmsg: 1
@ -39,6 +40,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
--- a/seccomp/x86_64/common_device.policy
+++ b/seccomp/x86_64/common_device.policy
@ -30,6 +30,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@ -38,6 +39,8 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@ -28,6 +28,7 @@ poll: 1
 ppoll: 1
 prctl: arg0 == PR_SET_NAME
 read: 1
+readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
@ -36,9 +37,11 @@ rt_sigprocmask: 1
 rt_sigreturn: 1
 sched_getaffinity: 1
 sendmsg: 1
+sendto: 1
 set_robust_list: 1
 sigaltstack: 1
 write: 1
+writev: 1

 # Rules specific to gpu
 connect: 1