mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 18:38:01 +00:00
5124d62f86
With these changes arcvm starts when running with 64-bit userspace and this grep turns up blank: grep SECCOMP /var/log/audit/audit.log Generated by: * Hacking minijail0 to always log <https://r.android.com/2072091> and making sure it was compiled in debug mode. * Hacking "crosvm run" to be "crosvm run --seccomp-log-failures". I don't truly know if this is needed but it didn't hurt. * Diffing arm vs. arm64 From comparing arm vs. arm64 there could still be some things missing, or it's possible that arm has simply accumulated some cruft. More can be added later if we find it's needed. BUG=b:223410173, b:230609113 TEST=Start arcvm; start android-sh; run tast arc.VMConfig Change-Id: Ib5407ddecc3d19f43e14e5b036ac64baee9335bb Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3543889 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Auto-Submit: Douglas Anderson <dianders@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Douglas Anderson <dianders@chromium.org>
21 lines
459 B
Text
21 lines
459 B
Text
# Copyright 2022 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
@include /usr/share/policy/crosvm/common_device.policy
|
|
|
|
connect: 1
|
|
newfstatat: 1
|
|
getegid: 1
|
|
geteuid: 1
|
|
getgid: 1
|
|
getrandom: 1
|
|
getsockname: 1
|
|
getuid: 1
|
|
# ioctl: arg1 == DRM_IOCTL_*
|
|
ioctl: arg1 & 0x6400
|
|
memfd_create: 1
|
|
openat: 1
|
|
setpriority: 1
|
|
socket: arg0 == AF_UNIX
|
|
prctl: arg0 == PR_SET_NAME
|