From 8d70c18b16bb65eeabb11c7760678c6efba8d19a Mon Sep 17 00:00:00 2001
From: Daniel Verkamp <dverkamp@chromium.org>
Date: Thu, 17 Nov 2022 10:39:12 -0800
Subject: [PATCH] tests: plugin: add clone3 and rseq to seccomp policy

These syscalls are used by the plugin test child process on newer glibc
and kernel versions. Without them, the plugin tests fail because the
child processes die with SIGSYS.

BUG=None
TEST=tools/dev_container tools/presubmit --all

Change-Id: Id56831cf146e1e0f24f700744d6db902133ecc62
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4034381
Reviewed-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
---
 tests/plugin.policy | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/plugin.policy b/tests/plugin.policy
index 8ede3cc073..34de31d6c3 100644
--- a/tests/plugin.policy
+++ b/tests/plugin.policy
@@ -19,6 +19,7 @@ set_robust_list: 1
 sigaltstack: 1
 # Disallow clone's other than new threads.
 clone: arg0 & 0x00010000
+clone3: 1
 write: 1
 eventfd2: 1
 poll: 1
@@ -26,6 +27,7 @@ getpid: 1
 getppid: 1
 # Allow PR_SET_NAME only.
 prctl: arg0 == 15
+rseq: 1
 access: 1
 arch_prctl: 1
 brk: 1