feat: modify socket() seccomp flags

aerosouund · aerosouund · commit ba68e07b4570 · 2026-04-25T11:52:53.000Z
- seqpacket sockets necessitate a different flag set than
  whats currently in the seccomp rules. we need to add
  seqpacket with SOCK_CLOEXEC for testing to work

Signed-off-by: aerosouund &lt;aerosound161@gmail.com&gt;
diff --git a/resources/seccomp/aarch64-unknown-linux-musl.json b/resources/seccomp/aarch64-unknown-linux-musl.json
@@ -323,6 +323,32 @@
                     }
                 ]
             },
+            {
+                "syscall": "socket",
+                "comment": "Called to open the vsock seqpacket UDS (SeqpacketConn::connect and SeqpacketListener::bind)",
+                "args": [
+                    {
+                        "index": 0,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 1,
+                        "comment": "libc::AF_UNIX"
+                    },
+                    {
+                        "index": 1,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 524293,
+                        "comment": "libc::SOCK_SEQPACKET | libc::SOCK_CLOEXEC"
+                    },
+                    {
+                        "index": 2,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 0
+                    }
+                ]
+            },
             {
                 "syscall": "sendto",
                 "comment": "Rust std uses it to write to unix socket"
diff --git a/resources/seccomp/x86_64-unknown-linux-musl.json b/resources/seccomp/x86_64-unknown-linux-musl.json
@@ -323,6 +323,32 @@
                     }
                 ]
             },
+            {
+                "syscall": "socket",
+                "comment": "Called to open the vsock seqpacket UDS (SeqpacketConn::connect and SeqpacketListener::bind)",
+                "args": [
+                    {
+                        "index": 0,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 1,
+                        "comment": "libc::AF_UNIX"
+                    },
+                    {
+                        "index": 1,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 524293,
+                        "comment": "libc::SOCK_SEQPACKET | libc::SOCK_CLOEXEC"
+                    },
+                    {
+                        "index": 2,
+                        "type": "dword",
+                        "op": "eq",
+                        "val": 0
+                    }
+                ]
+            },
             {
                 "syscall": "sendto",
                 "comment": "Rust std uses it to write to unix socket"
