in src/vmm/src/signal_handler.rs [284:419]
fn make_test_seccomp_bpf_filter() -> Vec<sock_filter> {
// Create seccomp filter that allows all syscalls, except for `SYS_mkdirat`.
// For some reason, directly calling `SYS_kill` with SIGSYS, like we do with the
// other signals, results in an error. Probably because of the way `cargo test` is
// handling signals.
#[cfg(target_arch = "aarch64")]
#[allow(clippy::unreadable_literal)]
let bpf_filter = vec![
sock_filter {
code: 32,
jt: 0,
jf: 0,
k: 4,
},
sock_filter {
code: 21,
jt: 1,
jf: 0,
k: 3221225655,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 0,
},
sock_filter {
code: 32,
jt: 0,
jf: 0,
k: 0,
},
sock_filter {
code: 21,
jt: 0,
jf: 1,
k: 34,
},
sock_filter {
code: 5,
jt: 0,
jf: 0,
k: 1,
},
sock_filter {
code: 5,
jt: 0,
jf: 0,
k: 2,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 196608,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 2147418112,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 2147418112,
},
];
#[cfg(target_arch = "x86_64")]
#[allow(clippy::unreadable_literal)]
let bpf_filter = vec![
sock_filter {
code: 32,
jt: 0,
jf: 0,
k: 4,
},
sock_filter {
code: 21,
jt: 1,
jf: 0,
k: 3221225534,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 0,
},
sock_filter {
code: 32,
jt: 0,
jf: 0,
k: 0,
},
sock_filter {
code: 21,
jt: 0,
jf: 1,
k: 258,
},
sock_filter {
code: 5,
jt: 0,
jf: 0,
k: 1,
},
sock_filter {
code: 5,
jt: 0,
jf: 0,
k: 2,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 196608,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 2147418112,
},
sock_filter {
code: 6,
jt: 0,
jf: 0,
k: 2147418112,
},
];
bpf_filter
}