mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-10-25 05:35:41 +00:00
2ea297ac76
Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that. TEST=use syslog from C BUG=chromium:988082 Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
75 lines
1.6 KiB
Text
75 lines
1.6 KiB
Text
# Copyright 2018 The Chromium OS Authors. All rights reserved.
|
|
# Use of this source code is governed by a BSD-style license that can be
|
|
# found in the LICENSE file.
|
|
|
|
# Rules from common_device.policy with some rules removed because they block certain flags needed
|
|
# for gpu.
|
|
brk: 1
|
|
clone: arg0 & CLONE_THREAD
|
|
close: 1
|
|
dup2: 1
|
|
dup: 1
|
|
epoll_create1: 1
|
|
epoll_ctl: 1
|
|
epoll_wait: 1
|
|
eventfd2: 1
|
|
exit: 1
|
|
exit_group: 1
|
|
futex: 1
|
|
getpid: 1
|
|
gettimeofday: 1
|
|
kill: 1
|
|
madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
|
|
mremap: 1
|
|
munmap: 1
|
|
nanosleep: 1
|
|
pipe2: 1
|
|
poll: 1
|
|
ppoll: 1
|
|
prctl: arg0 == PR_SET_NAME
|
|
read: 1
|
|
readv: 1
|
|
recvfrom: 1
|
|
recvmsg: 1
|
|
restart_syscall: 1
|
|
rt_sigaction: 1
|
|
rt_sigprocmask: 1
|
|
rt_sigreturn: 1
|
|
sched_getaffinity: 1
|
|
sendmsg: 1
|
|
sendto: 1
|
|
set_robust_list: 1
|
|
sigaltstack: 1
|
|
write: 1
|
|
writev: 1
|
|
|
|
# Rules specific to gpu
|
|
connect: 1
|
|
fcntl: arg1 == F_DUPFD_CLOEXEC
|
|
fstat: 1
|
|
# Used to set of size new memfd.
|
|
ftruncate: 1
|
|
getdents: 1
|
|
geteuid: 1
|
|
getrandom: 1
|
|
getuid: 1
|
|
ioctl: arg1 == FIONBIO || arg1 == FIOCLEX || arg1 == 0x40086200 || arg1 & 0x6400
|
|
lseek: 1
|
|
lstat: 1
|
|
# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING
|
|
memfd_create: arg1 == 3
|
|
# mmap/mprotect/open/openat differ from the common_device.policy
|
|
mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ
|
|
mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ
|
|
open: 1
|
|
openat: 1
|
|
readlink: 1
|
|
socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
|
|
stat: 1
|
|
sysinfo: 1
|
|
|
|
# Rules specific to AMD gpus.
|
|
uname: 1
|
|
sched_setscheduler: 1
|
|
sched_setaffinity: 1
|