From 7a4e207896ac087041eff755c489ed05ff5df780 Mon Sep 17 00:00:00 2001
From: Yiwei Zhang
Date: Thu, 16 Dec 2021 19:45:36 +0000
Subject: [PATCH] gpu_render_server: allow syslog and signalfd
BUG=b:211008411
BUG=b:210908665
TEST=venus on kukui-arc-r
Change-Id: I541277b0be64a96a26ee6745ea759679e6dc5230
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3344109
Tested-by: kokoro
Reviewed-by: Daniel Verkamp
Reviewed-by: Chia-I Wu
Commit-Queue: Yiwei Zhang
---
 seccomp/aarch64/gpu_render_server.policy | 5 +++++
 seccomp/arm/gpu_render_server.policy | 5 +++++
 seccomp/x86_64/gpu_render_server.policy | 3 +++
 3 files changed, 13 insertions(+)
diff --git a/seccomp/aarch64/gpu_render_server.policy b/seccomp/aarch64/gpu_render_server.policy
index 007c45bc67..c2a602a6fd 100644
--- a/seccomp/aarch64/gpu_render_server.policy
+++ b/seccomp/aarch64/gpu_render_server.policy
@@ -8,8 +8,13 @@ clone: 1
 waitid: 1
+# allow vsyslog
+send: 1
 # allow SOCK_STREAM and SOCK_DGRAM (syslog)
 socket: arg0 == AF_UNIX && arg2 == 0
 # allow socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC)
 socketpair: arg0 == AF_UNIX && arg1 == SOCK_SEQPACKET|SOCK_CLOEXEC && arg2 == 0
+
+# allow signalfd()
+signalfd4: 1
diff --git a/seccomp/arm/gpu_render_server.policy b/seccomp/arm/gpu_render_server.policy
index 007c45bc67..c2a602a6fd 100644
--- a/seccomp/arm/gpu_render_server.policy
+++ b/seccomp/arm/gpu_render_server.policy
@@ -8,8 +8,13 @@ clone: 1
 waitid: 1
+# allow vsyslog
+send: 1
 # allow SOCK_STREAM and SOCK_DGRAM (syslog)
 socket: arg0 == AF_UNIX && arg2 == 0
 # allow socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC)
 socketpair: arg0 == AF_UNIX && arg1 == SOCK_SEQPACKET|SOCK_CLOEXEC && arg2 == 0
+
+# allow signalfd()
+signalfd4: 1
diff --git a/seccomp/x86_64/gpu_render_server.policy b/seccomp/x86_64/gpu_render_server.policy
index 007c45bc67..536d43dd4f 100644
--- a/seccomp/x86_64/gpu_render_server.policy
+++ b/seccomp/x86_64/gpu_render_server.policy
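Review bot: `send: 1` under `# allow vsyslog` is added identically to the aarch64 and arm policies, but the two ABIs do not share a syscall list: 32-bit arm has a `send` syscall, while the arm64 table, as far as I know, offers only `sendto`, which is what libc's send() issues there. Please confirm the aarch64 rule names the syscall a 64-bit process actually makes, for instance from the denied-syscall audit record on an aarch64 build; the TEST line names only kukui-arc-r. The rule is also unconditional, so the comment could say what bounds it, e.g. `# allow vsyslog; sockets this process creates are limited to AF_UNIX by the socket: rule below`. Both hunks start at line 8, so anything the policy includes or allows above that is not visible here.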
@@ -13,3 +13,6 @@ socket: arg0 == AF_UNIX && arg2 == 0
 # allow socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC)
 socketpair: arg0 == AF_UNIX && arg1 == SOCK_SEQPACKET|SOCK_CLOEXEC && arg2 == 0
+
+# allow signalfd()
+signalfd4: 1
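Review bot: The x86_64 policy gains only `signalfd4: 1` and has no counterpart to the `# allow vsyslog` rule added for arm and aarch64, while the commit's TEST line covers only an ARM board. On x86_64 a syslog write would normally leave as `sendto`; if that is already permitted earlier in this file or by a policy it includes, a one-line comment such as `# vsyslog uses sendto, allowed by the included policy` would record why no rule is needed here. If it is not permitted, the first log write from the render server would hit the filter. The hunk begins at line 13, so the rest of the policy is outside this view.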