mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-06 10:32:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
1274 commits 607 branches 2 tags 236 MiB
Commit graph

6 commits

Author SHA1 Message Date
Yusuke Sato
1617c21918 seccomp: Allow 9p device to use open/openat 
This allows us to use export a directory to a VM with the
'--shared-dir tag:/dir' crosvm command line flag without relying
on seneschal. The fs device's policy already does the same.

BUG=b:123309049
TEST=Start tot ARCVM, run 'mkdir /var/run/arc/arcvm && mount -t 9p
  -o "trans=virtio,version=9p2000.L,cache=none,access=any"
  host_generated /var/run/arc/arcvm && ls /var/run/arc/arcvm',
  verify ls prints files.

Change-Id: I8f8b265fc8a7de159508afbee5114b6a3f084d01
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1995319
Tested-by: Yusuke Sato <yusukes@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Yusuke Sato <yusukes@chromium.org>
 2020-01-13 21:26:19 +00:00
Zach Reizner
bae43dd4c9 seccomp: refactor policy into common_device.policy 
CQ-DEPEND=CL:1449895
BUG=None
TEST=vmc start termina

Change-Id: Ia3edaafc1d2958bd40e6b1adc89dd5e29b679b06
Reviewed-on: https://chromium-review.googlesource.com/1448292
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Tested-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
 2019-02-07 03:02:12 -08:00
Yunlian Jiang
31c20fdcce crosvm: add getpid and prlimit to seccomp 
This is needed to make sure seccomp work with glibc 2.27

BUG=chromium:897477
TEST=None

Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58
Reviewed-on: https://chromium-review.googlesource.com/1294729
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
 2018-10-23 02:55:29 -07:00
Yunlian Jiang
a70445aa3b crosvm: add openat to seccomp 
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().

BUG=chromium:894614
TEST=None

Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
 2018-10-21 05:25:01 -07:00
Chirantan Ekbote
0a4f280e3a seccomp: Update 9p policy 
Add newfstatat for x86 and fstatat64 for arm to the seccomp policy file
for the 9p device and server program.

BUG=chromium:886535
TEST=`vmc share termina foo` and then `ls /mnt/shared` inside the VM
     works

Change-Id: I6871f54ae885e080dca0ea5751987d59c55a59d6
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1232556
Reviewed-by: Stephen Barber <smbarber@chromium.org>
 2018-09-21 19:50:12 -07:00
Stephen Barber
bce85fe345 seccomp: move 9s policy aarch64 -> arm 
Seccomp policy for ARM hosts was recently moved from aarch64 to arm to
accurately match the ABI used on the host. Move 9s policy to match this.

BUG=none
TEST=vm.Webserver on kevin succeeds

Change-Id: I97daa524edcd411618561ce07525738bc65457cb
Reviewed-on: https://chromium-review.googlesource.com/1180470
Commit-Ready: Stephen Barber <smbarber@chromium.org>
Tested-by: Stephen Barber <smbarber@chromium.org>
Reviewed-by: Sonny Rao <sonnyrao@chromium.org>
 2018-08-20 17:12:17 -07:00
Renamed from seccomp/aarch64/9p_device.policy (Browse further)