crosvm

5107 commits 607 branches 2 tags 237 MiB

Author	SHA1	Message	Date
David Stevens	c11683b07f	seccomp: add lseek to all devices The panic hook calls read_to_string, which relies on lseek internally. Most devices already allow lseek, but add it to the common policy files to ensure that devices can properly panic. BUG=None TEST=compiles Change-Id: I99d6d1d258706874cc04ce550108991631d71706 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3960213 Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org> Commit-Queue: David Stevens <stevensd@chromium.org> Reviewed-by: Alexandre Courbot <acourbot@chromium.org>	2022-10-18 06:39:41 +00:00
Dennis Kempin	1dab58a2cf	Update all copyright headers to match new style This search/replace updates all copyright notices to drop the "All rights reserved", Use "ChromiumOS" instead of "Chromium OS" and drops the trailing dots. This fulfills the request from legal and unifies our notices. ./tools/health-check has been updated to only accept this style. BUG=b:246579983 TEST=./tools/health-check Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Dennis Kempin <denniskempin@google.com>	2022-09-13 18:41:29 +00:00
Alexandre Courbot	c553d1c283	seccomp: define naming rules for policy files We are going to use separate policy files per device for the following scenarios: 1) Regular in-VMM virtio device, 2) Virtio device over vhost-user, 3) Virtio device over Vvu. Each of these scenarios require slightly different policies as a jailed device process needs to allow not only the system calls necessary for the device to function, but also those required by the virtio transport in use. This CL adds a README.md file to the seccomp directory that details the naming and policy inclusion rules, and updates the serial, xhci and coiommu policies to follow the naming scheme. Vhost-user and VVU policy files will be added along with support for jailing devices when they are in use. BUG=b:217480043 TEST=serial device works with `crosvm run`. Change-Id: I6d454aa6e05d00691fe3346e822ed1fc7b24aed8 Signed-off-by: Alexandre Courbot <acourbot@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3706490 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>	2022-06-17 04:35:09 +00:00

Author

SHA1

Message

Date

David Stevens

c11683b07f

seccomp: add lseek to all devices

The panic hook calls read_to_string, which relies on lseek internally.
Most devices already allow lseek, but add it to the common policy files
to ensure that devices can properly panic.

BUG=None
TEST=compiles

Change-Id: I99d6d1d258706874cc04ce550108991631d71706
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3960213
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
Commit-Queue: David Stevens <stevensd@chromium.org>
Reviewed-by: Alexandre Courbot <acourbot@chromium.org>

2022-10-18 06:39:41 +00:00

Dennis Kempin

1dab58a2cf

Update all copyright headers to match new style

This search/replace updates all copyright notices to drop the
"All rights reserved", Use "ChromiumOS" instead of "Chromium OS"
and drops the trailing dots.

This fulfills the request from legal and unifies our notices.

./tools/health-check has been updated to only accept this style.

BUG=b:246579983
TEST=./tools/health-check

Change-Id: I87a80701dc651f1baf4820e5cc42469d7c5f5bf7
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3894243
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Dennis Kempin <denniskempin@google.com>

2022-09-13 18:41:29 +00:00

Alexandre Courbot

c553d1c283

seccomp: define naming rules for policy files

We are going to use separate policy files per device for the following scenarios:

1) Regular in-VMM virtio device,
2) Virtio device over vhost-user,
3) Virtio device over Vvu.

Each of these scenarios require slightly different policies as a jailed
device process needs to allow not only the system calls necessary for
the device to function, but also those required by the virtio transport
in use.

This CL adds a README.md file to the seccomp directory that details the
naming and policy inclusion rules, and updates the serial, xhci and
coiommu policies to follow the naming scheme.

Vhost-user and VVU policy files will be added along with support for
jailing devices when they are in use.

BUG=b:217480043
TEST=serial device works with `crosvm run`.

Change-Id: I6d454aa6e05d00691fe3346e822ed1fc7b24aed8
Signed-off-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3706490
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>

2022-06-17 04:35:09 +00:00

Renamed from seccomp/arm/xhci.policy (Browse further)

3 commits