crosvm/seccomp/x86_64/vhost_user.policy
Alexandre Courbot 82b1bec6b0 crosvm: add block support to "devices" command
Add support for creating block devices using the `crosvm devices`
command.

Due to conflicting seccomp policies between vhost-user transport and the
block device, we need to temporarily remove some lines from
vhost_user.policy and vvu.policy and reproduce them in the serial
device's policy. This will be handled properly later using a new seccomp
policy parser.

BUG=b:217480043
TEST=`crosvm devices --block vhost=/tmp/vu-block,path=disk.img` results
in a working vhost-user block device.
TEST=`crosvm devices --block vhost=0000:00:10.0,path=disk.img` results
in a working VVU block device.
TEST=regular virtio block device is usable as jailed root device.

Change-Id: Ide62adbf81390eb39cd10f3d2880e2c065982d05
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3765000
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Tested-by: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
2022-08-04 04:00:31 +00:00


# Copyright 2022 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Policy file for the vhost-user transport over a socket.
# FIONBIO: for setting non-blocking mode over the socket.
# TCGETS/TCSETS: used on FD 0, probably for serial.
# b/239779171: try moving this to the serial device once we can extend ioctls across policy files.
ioctl: arg1 == FIONBIO || arg1 == TCGETS || arg1 == TCSETS
# For seeking over the received connection.
# b/239779171: temporarily disabled as it conflicts with block's definition.
# lseek: arg2 == SEEK_END
# For accepting a client connection over the socket.
accept4: 1
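The conflict the commit message describes, two policy files for one jail defining the same syscall, can be checked mechanically before the fragments are combined. This is an added example, not crosvm's code or its later policy parser: the block-device fragment and its BLKGETSIZE64 ioctl are constructed, and OR-ing argument filters while reporting every other disagreement is this sketch's own convention.

```python
import re

# Added example, not crosvm code. The vhost-user fragment is taken from the
# policy above (lseek restored); the block fragment is constructed.
RULE_RE = re.compile(r"^([A-Za-z0-9_]+)\s*:\s*(.+)$")

VHOST_USER_POLICY = """\
ioctl: arg1 == FIONBIO || arg1 == TCGETS || arg1 == TCSETS
lseek: arg2 == SEEK_END
accept4: 1
"""

BLOCK_POLICY = """\
# constructed block-device fragment, not crosvm's block.policy
lseek: 1
ioctl: arg1 == BLKGETSIZE64
"""

def parse_policy(text):
    """Return {syscall: filter}; skips comments, blank lines and @directives."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#@":
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        name, filt = m.group(1), m.group(2).strip()
        if name in rules:  # a syscall may appear only once per policy file
            raise ValueError(f"{name} defined twice")
        rules[name] = filt
    return rules

def merge_policies(*texts):
    """Combine fragments for one jail. Identical rules are deduplicated and
    argument filters are OR-ed (the "extend ioctls across policy files" case);
    any other disagreement is returned as a conflict for a human to resolve."""
    merged, conflicts = {}, []
    for text in texts:
        for name, filt in parse_policy(text).items():
            if name not in merged or merged[name] == filt:
                merged[name] = filt
            elif merged[name].startswith("arg") and filt.startswith("arg"):
                merged[name] = f"{merged[name]} || {filt}"
            else:  # e.g. `arg2 == SEEK_END` vs an unconditional `1`
                conflicts.append((name, merged[name], filt))
    return merged, conflicts
```

Running `merge_policies(VHOST_USER_POLICY, BLOCK_POLICY)` extends the ioctl filter with the block ioctl but reports the `lseek` pair as a conflict, which is the line the commit had to comment out.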