mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-11 04:26:38 +00:00
17c782f1c1
Allow the restartable sequences system call used by glibc 2.35+.
This is an extension of commit 637402a827 ("Add rseq to the seccomp
policy file on aarch64."), which was originally reverted because the
ChromeOS kernel headers did not have the necessary declarations yet.
This depends on the rseq declarations patch to linux-headers:
https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/3749266/
BUG=b:235172163
BUG=b:235960683
TEST=Start crosvm on x86-64 Arch Linux with glibc 2.35
TEST=emerge-hatch crosvm # ensure seccomp policies compile
Reported-By: Peter Collingbourne <pcc@google.com>
Change-Id: I14e3dfd150a7c06bdafc68a88ef3f755eb7bf90c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3763776
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Peter Collingbourne <pcc@chromium.org>
Reviewed-by: Junichi Uekawa <uekawa@chromium.org>
107 lines
2.3 KiB
Text
107 lines
2.3 KiB
Text
# Copyright 2021 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Rules from common_device.policy with some rules removed because they block certain flags needed
|
|
# for gpu.
|
|
brk: 1
|
|
clock_gettime: 1
|
|
close: 1
|
|
dup2: 1
|
|
dup: 1
|
|
epoll_create1: 1
|
|
epoll_ctl: 1
|
|
epoll_wait: 1
|
|
eventfd2: 1
|
|
exit: 1
|
|
exit_group: 1
|
|
futex: 1
|
|
getcwd: 1
|
|
getpid: 1
|
|
gettid: 1
|
|
gettimeofday: 1
|
|
io_uring_setup: 1
|
|
io_uring_enter: 1
|
|
kill: 1
|
|
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
|
|
mremap: 1
|
|
munmap: 1
|
|
nanosleep: 1
|
|
clock_nanosleep: 1
|
|
pipe2: 1
|
|
poll: 1
|
|
ppoll: 1
|
|
read: 1
|
|
readlink: 1
|
|
readlinkat: 1
|
|
readv: 1
|
|
recvfrom: 1
|
|
recvmsg: 1
|
|
restart_syscall: 1
|
|
rseq: 1
|
|
rt_sigaction: 1
|
|
rt_sigprocmask: 1
|
|
rt_sigreturn: 1
|
|
sched_getaffinity: 1
|
|
sched_yield: 1
|
|
sendmsg: 1
|
|
sendto: 1
|
|
set_robust_list: 1
|
|
sigaltstack: 1
|
|
write: 1
|
|
writev: 1
|
|
uname: 1
|
|
|
|
# Rules specific to gpu
|
|
connect: 1
|
|
# 1033 is F_ADD_SEALS, 1034 is F_GET_SEALS
|
|
fcntl: arg1 == F_DUPFD_CLOEXEC || arg1 == F_SETFD || arg1 == F_GETFL || \
|
|
arg1 == F_SETFL || arg1 == 1033 || arg1 == 1034
|
|
fstat: 1
|
|
# Used to set of size new memfd.
|
|
ftruncate: 1
|
|
getdents: 1
|
|
getdents64: 1
|
|
geteuid: 1
|
|
getrandom: 1
|
|
getuid: 1
|
|
# 0x40086200 = DMA_BUF_IOCTL_SYNC, 0x6400 == DRM_IOCTL_BASE, 0x40087543 == UDMABUF_CREATE_LIST
|
|
ioctl: arg1 == FIONBIO || arg1 == FIOCLEX || arg1 == 0x40086200 || arg1 & 0x6400 || arg1 == 0x40087543
|
|
lseek: 1
|
|
lstat: 1
|
|
# Used for sharing memory with wayland. Also internally by Intel anv.
|
|
# arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING or simply MFD_CLOEXEC.
|
|
memfd_create: arg1 == 3 || arg1 == 1
|
|
# mmap/mprotect/open/openat differ from the common_device.policy
|
|
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
|
|
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
|
|
open: 1
|
|
openat: 1
|
|
stat: 1
|
|
statx: 1
|
|
sysinfo: 1
|
|
fstatfs: 1
|
|
prctl: arg0 == PR_SET_NAME || arg0 == PR_GET_NAME
|
|
|
|
# Required for perfetto tracing
|
|
# fcntl: arg1 == F_SETFD || arg1 == F_GETFL || arg1 == F_SETFL (merged above)
|
|
getsockopt: 1
|
|
shutdown: 1
|
|
|
|
# Rules for Mesa's shader binary cache.
|
|
flock: 1
|
|
mkdir: 1
|
|
newfstatat: 1
|
|
rename: 1
|
|
setpriority: 1
|
|
unlink: 1
|
|
|
|
# Rules specific to AMD gpus.
|
|
sched_setscheduler: 1
|
|
sched_setaffinity: 1
|
|
kcmp: 1
|
|
|
|
# Rules for Vulkan loader / layers
|
|
access: 1
|
|
getgid: 1
|
|
getegid: 1
|