crosvm

427 commits 607 branches 2 tags 228 MiB

Author SHA1 Message Date

Author	SHA1	Message	Date
Daniel Verkamp	616a093d91	devices: block: allow timerfd syscalls in seccomp "devices: block: Flush a minute after a write" introduced new timerfd_ syscalls into the block device but did not add them to the seccomp whitelist. BUG=chromium:885238 TEST=Run crosvm in multiprocess mode and verify that it boots Change-Id: I1568946c64d86ab7dba535a430a8cbe235f64454 Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1231513 Commit-Ready: Dylan Reid <dgreid@chromium.org> Tested-by: Dylan Reid <dgreid@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org>	2018-09-19 15:40:06 -07:00
Daniel Verkamp	7621d910f5	devices: block: implement discard and write zeroes Discard and Write Zeroes commands have been added to the virtio block specification: `88c8553838` Implement both commands using the WriteZeroes trait. BUG=chromium:850998 TEST=fstrim within termina on a writable qcow image Change-Id: I33e54e303202328c10f7f2d6e69ab19f419f3998 Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1188680 Reviewed-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org>	2018-09-10 13:33:46 -07:00
Sonny Rao	b847858e66	seccomp: rename aarch64 -> arm These policies are not for aarch64 but use the 32-bit system calls. We call it aarch64 support because that's what we're targetting for the guest kernel, but it doesn't really make any sense to call the seccomp policies aarch64 when we're building a 32-bit binary. We can add real aarch64 seccomp policies when we start building a aarch64 crosvm binary. BUG=chromium:866197 TEST=emerge-kevin crosvm, run vm_CrosVmStart CQ-DEPEND=CL:1145903 Change-Id: I7c5e70fbc127e4209ed392cfcf10ea36a6dd4b2c Reviewed-on: https://chromium-review.googlesource.com/1145909 Commit-Ready: Sonny Rao <sonnyrao@chromium.org> Tested-by: Sonny Rao <sonnyrao@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org>	2018-07-23 21:04:38 -07:00

Daniel Verkamp

616a093d91

devices: block: allow timerfd syscalls in seccomp

"devices: block: Flush a minute after a write" introduced new timerfd_
syscalls into the block device but did not add them to the seccomp
whitelist.

BUG=chromium:885238
TEST=Run crosvm in multiprocess mode and verify that it boots

Change-Id: I1568946c64d86ab7dba535a430a8cbe235f64454
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1231513
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

2018-09-19 15:40:06 -07:00

Daniel Verkamp

7621d910f5

devices: block: implement discard and write zeroes

Discard and Write Zeroes commands have been added to the virtio block
specification:
88c8553838

Implement both commands using the WriteZeroes trait.

BUG=chromium:850998
TEST=fstrim within termina on a writable qcow image

Change-Id: I33e54e303202328c10f7f2d6e69ab19f419f3998
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1188680
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

2018-09-10 13:33:46 -07:00

Sonny Rao

b847858e66

seccomp: rename aarch64 -> arm

These policies are not for aarch64 but use the 32-bit system calls.
We call it aarch64 support because that's what we're targetting for
the guest kernel, but it doesn't really make any sense to call the
seccomp policies aarch64 when we're building a 32-bit binary.
We can add real aarch64 seccomp policies when we start building a
aarch64 crosvm binary.

BUG=chromium:866197
TEST=emerge-kevin crosvm, run vm_CrosVmStart
CQ-DEPEND=CL:1145903

Change-Id: I7c5e70fbc127e4209ed392cfcf10ea36a6dd4b2c
Reviewed-on: https://chromium-review.googlesource.com/1145909
Commit-Ready: Sonny Rao <sonnyrao@chromium.org>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>

2018-07-23 21:04:38 -07:00

Renamed from seccomp/aarch64/block_device.policy (Browse further)

3 commits