seccomp: add rseq to all policy files

Allow the restartable sequences system call used by glibc 2.35+. This is an extension of commit 637402a827 ("Add rseq to the seccomp policy file on aarch64."), which was originally reverted because the ChromeOS kernel headers did not have the necessary declarations yet. This depends on the rseq declarations patch to linux-headers: https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3749266/ BUG=b:235172163 BUG=b:235960683 TEST=Start crosvm on x86-64 Arch Linux with glibc 2.35 TEST=emerge-hatch crosvm # ensure seccomp policies compile Reported-By: Peter Collingbourne <pcc@google.com> Change-Id: I14e3dfd150a7c06bdafc68a88ef3f755eb7bf90c Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763776 Reviewed-by: Dennis Kempin <denniskempin@google.com> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org> Tested-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-by: Peter Collingbourne <pcc@chromium.org> Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
2025-02-05 18:20:34 +00:00 · 2022-07-13 10:45:54 -07:00 · 2022-07-13 10:45:54 -07:00 · 17c782f1c1
commit 17c782f1c1
parent b3b01e866e
6 changed files with 6 additions and 0 deletions
--- a/seccomp/aarch64/common_device.policy
+++ b/seccomp/aarch64/common_device.policy
@ -37,6 +37,7 @@ readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1
--- a/seccomp/aarch64/gpu_common.policy
+++ b/seccomp/aarch64/gpu_common.policy
@ -36,6 +36,7 @@ readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@ -45,6 +45,7 @@ recvfrom: 1
 recvmsg: 1
 recvmmsg_time64: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1
--- a/seccomp/arm/gpu_common.policy
+++ b/seccomp/arm/gpu_common.policy
@ -42,6 +42,7 @@ recvfrom: 1
 recvmsg: 1
 recvmmsg_time64: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1
--- a/seccomp/x86_64/gpu_common.policy
+++ b/seccomp/x86_64/gpu_common.policy
@ -38,6 +38,7 @@ readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1
--- a/seccomp/x86_64/video_device.policy
+++ b/seccomp/x86_64/video_device.policy
@ -39,6 +39,7 @@ readv: 1
 recvfrom: 1
 recvmsg: 1
 restart_syscall: 1
+rseq: 1
 rt_sigaction: 1
 rt_sigprocmask: 1
 rt_sigreturn: 1