crosvm/seccomp/x86_64
David Riley b22b6137aa gpu: add sandboxing via minijail for virtio gpu device.
Sandboxing only works when started as chronos via concierge client.  If
started directly via crosvm as root, the jail will not have proper group
permissions to access the Wayland socket.

BUG=chromium:837073
TEST=build with --features=gpu; null_platform_test without --disable-sandbox
CQ-DEPEND=CL:1213779

Change-Id: I6331f7ae1f5b99d31ad44cf158f72337294771f0
Reviewed-on: https://chromium-review.googlesource.com/1181168
Commit-Ready: David Riley <davidriley@chromium.org>
Tested-by: David Riley <davidriley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>
2018-09-17 13:18:06 -07:00
9p_device.policy virtio: Implement the 9P device 2018-08-08 13:45:44 -07:00
9s.policy 9s: Server binary for the 9p file system 2018-08-08 13:45:41 -07:00
balloon_device.policy
block_device.policy devices: block: implement discard and write zeroes 2018-09-10 13:33:46 -07:00
gpu_device.policy gpu: add sandboxing via minijail for virtio gpu device. 2018-09-17 13:18:06 -07:00
net_device.policy
rng_device.policy
vhost_net_device.policy
vhost_vsock_device.policy
wl_device.policy