If a copy of the compile_seccomp_policy program that is used to generate
BPF versions of the seccomp policies is available in the $PATH, use it
in preference to the one in the submodule.
This makes the ChromeOS ebuild able to embed seccomp policies, since it
has compile_secomp_policy installed as part of the cros_sdk, so the
special case for CROSVM_BUILD_VARIANT is removed.
BUG=b:235858187
TEST=emerge-kevin crosvm # with submodules deinitialized
Change-Id: I30f23a507ee444bc3fe5d78af394fbe651191be0
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3998113
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
The constants.json file is generated for compiling seccomp polices,
but is only ever added to in newer versions of linux.
Generating them in build.rs will cause the seccomp compiler to only
understand constants and syscalls available on the build machine
and fail if policy files try to allow syscalls not available.
Putting the constants in version control will allow us to compile
the policies regardless of how old the kernel headers on the build
machine are.
BUG=b:235858187
TEST=presubmit
Change-Id: I1cfbb38f4687eb68b141f62c1c5fe6104b3f6456
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3988899
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Auto-Submit: Dennis Kempin <denniskempin@google.com>
Using the same CARGO_TARGET_DIR for all builds prevents us from
building for platforms in parallel, since cargo will lock the
directory to only run one build at a time.
Use the same directory for clippy as well, and ensure that
clippy won't invalidate caches created by run_tests.
This reduces the build time for tools/presubmit by about 50%.
Another advantage is that rust_analyzer and run_tests will no longer
block each other or invalidate the cache when run with different
feature flags.
Note: This introduces two subtle changes to the build that required nit
fixes:
- build.rs files are now run through clippy as well
- common/* crates are now also built for the target architecture instead
the host.
BUG=None
TEST=tools/presubmit
Change-Id: I8da9ef53418c0b15827d512a04e77828621aef88
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3984416
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
We currently use cargo features to modify the build process, which
makes them non-additive and prevents us from moving towards
using --all-features in the future.
To change build.rs behavior to integrate with downstream build
systems (e.g. use pkg_config only on chromeos) we will use the newly
added CROSVM_BUILD_VARIANT env variable. Currently only
used by ChromeOS, but not limited to it.
For now, CROSVM_BUILD_VARIANT=chromeos will prevent the
embedding of seccomp policies.
BUG=b:244618505
TEST=Test in combination with https://crrev.com/c/3923813
Change-Id: I2bfe999b5252740d57c73c4a85d73bd343c8259e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3926325
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.
This fulfills the request from legal and unifies our notices.
./tools/health-check has been updated to only accept this style.
BUG=b:246579983
TEST=./tools/health-check
Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Seccomp policy files will now pre-compile to bpf bytecode for
target architecture and embedded in the crosvm binary when not
built for chrome os.
When minijail is not checked out in crosvm tree as a submodule,
MINIJAIL_DIR environment variable needs to be specified for the
policy compiler to run.
Integration tests are now sandbox enabled for better coverage.
TEST=all tests passed, vm runs fine with sandbox on and no separate
policy files present. cros deploy & crostini still works.
BUG=b:235858187
FIXED=b:226975168
Change-Id: Ieaba4b3d7160ccb342a297ebc374894d19a8dc4d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824062
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
This reverts commit a78f92cdb2.
Reason for revert: doesn't build on Chrome OS
Original change's description:
> crosvm: Embed seccomp filters into binary
>
> Seccomp policy files will now pre-compile to bpf bytecode for
> target architecture and embedded in the crosvm binary.
> When minijail is not checked out in crosvm tree as a submodule,
> MINIJAIL_DIR environment variable needs to be specified for the
> policy compiler to run.
>
> TEST=all tests passed, vm runs fine with sandbox on and no separate
> policy files present.
> BUG=b:235858187
>
> Change-Id: Ia801966df0a8adfdc4a80f5899e33121fe45e5f9
> Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3774318
> Reviewed-by: Dennis Kempin <denniskempin@google.com>
> Commit-Queue: Zihan Chen <zihanchen@google.com>
> Tested-by: Zihan Chen <zihanchen@google.com>
Bug: b:235858187
Change-Id: Ia81e43185d5f16bd061b6d0290befb4642c44548
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3813056
Tested-by: Junichi Uekawa <uekawa@chromium.org>
Commit-Queue: Junichi Uekawa <uekawa@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Seccomp policy files will now pre-compile to bpf bytecode for
target architecture and embedded in the crosvm binary.
When minijail is not checked out in crosvm tree as a submodule,
MINIJAIL_DIR environment variable needs to be specified for the
policy compiler to run.
TEST=all tests passed, vm runs fine with sandbox on and no separate
policy files present.
BUG=b:235858187
Change-Id: Ia801966df0a8adfdc4a80f5899e33121fe45e5f9
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3774318
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
Tested-by: Zihan Chen <zihanchen@google.com>
