mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-01-13 01:07:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
548 commits 607 branches 2 tags 230 MiB
Commit graph

2 commits

Author SHA1 Message Date
Yunlian Jiang
a70445aa3b crosvm: add openat to seccomp 
This adds openat to a seccomp policy file if open is already there.
We need this because glibc 2.25 changed it system call for open().

BUG=chromium:894614
TEST=None

Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965
Reviewed-on: https://chromium-review.googlesource.com/1292129
Commit-Ready: Yunlian Jiang <yunlian@chromium.org>
Tested-by: Yunlian Jiang <yunlian@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
 2018-10-21 05:25:01 -07:00
David Riley
b22b6137aa gpu: add sandboxing via minijail for virtio gpu device. 
Sandboxing only works when started as chronos via concierge client.  If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.

BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779

Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
 2018-09-17 13:18:06 -07:00