Problem
When the guest application invokes sendfile(), forward_sendfile() in seccomp_dispatch.c incorrectly treats out_fd as physical host_fd when the destination out_fd is a shadowed file descriptor. It fails to check if the destination has an active shadow_sp.
Proposed Solution
Explicitly query the out_fd entry in the FD table before the write loop. If shadow_writeback is enabled and shadow_sp >= 0, extract the shadow_sp and route the sendfile writes to that virtual pointer instead of the raw host FD.
Problem
When the guest application invokes
sendfile(),forward_sendfile()inseccomp_dispatch.cincorrectly treatsout_fdas physical host_fd when the destinationout_fdis a shadowed file descriptor. It fails to check if the destination has an activeshadow_sp.Proposed Solution
Explicitly query the
out_fdentry in the FD table before the write loop. Ifshadow_writebackis enabled andshadow_sp>= 0, extract theshadow_spand route the sendfile writes to that virtual pointer instead of the raw host FD.