mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-06 10:32:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't drop capabilities when sandbox is disabled.

Browse source 
BUG=b:128465119
TEST=manual - Run ARCVM

Change-Id: Ib6d43a74a98d4f29498ad62168d0efbd4c77fc83
Reviewed-on: https://chromium-review.googlesource.com/1524370
Commit-Ready: Lepton Wu <lepton@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
This commit is contained in:
Lepton Wu 2019-03-14 10:48:03 -07:00 committed by chrome-bot
parent fbbcf7ad14
commit 20333e41ae
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/linux.rs
View file

@ -1121,6 +1121,7 @@ pub fn run_config(cfg: Config) -> Result<()> {
disk_host_sockets.push(disk_host_socket); disk_host_sockets.push(disk_host_socket);
} }
let sandbox = cfg.sandbox;
let linux = Arch::build_vm(components, cfg.split_irqchip, |m, e| { let linux = Arch::build_vm(components, cfg.split_irqchip, |m, e| {
create_devices( create_devices(
cfg, cfg,
@ -1175,6 +1176,7 @@ pub fn run_config(cfg: Config) -> Result<()> {
&disk_host_sockets, &disk_host_sockets,
sigchld_fd, sigchld_fd,
_render_node_host, _render_node_host,
sandbox,
) )
} }
@ -1186,6 +1188,7 @@ fn run_control(
disk_host_sockets: &[MsgSocket<VmRequest, VmResponse>], disk_host_sockets: &[MsgSocket<VmRequest, VmResponse>],
sigchld_fd: SignalFd, sigchld_fd: SignalFd,
_render_node_host: RenderNodeHost, _render_node_host: RenderNodeHost,
sandbox: bool,
) -> Result<()> { ) -> Result<()> {
// Paths to get the currently available memory and the low memory threshold. // Paths to get the currently available memory and the low memory threshold.
const LOWMEM_MARGIN: &str = "/sys/kernel/mm/chromeos-low_mem/margin"; const LOWMEM_MARGIN: &str = "/sys/kernel/mm/chromeos-low_mem/margin";
@ -1278,8 +1281,10 @@ fn run_control(
.subsec_nanos() as u64, .subsec_nanos() as u64,
); );
if sandbox {
// Before starting VCPUs, in case we started with some capabilities, drop them all. // Before starting VCPUs, in case we started with some capabilities, drop them all.
drop_capabilities().map_err(Error::DropCapabilities)?; drop_capabilities().map_err(Error::DropCapabilities)?;
}
let mut vcpu_handles = Vec::with_capacity(linux.vcpus.len()); let mut vcpu_handles = Vec::with_capacity(linux.vcpus.len());
let vcpu_thread_barrier = Arc::new(Barrier::new(linux.vcpus.len() + 1)); let vcpu_thread_barrier = Arc::new(Barrier::new(linux.vcpus.len() + 1));