mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-05 18:20:34 +00:00
c553d1c283
We are going to use separate policy files per device for the following scenarios: 1) Regular in-VMM virtio device, 2) Virtio device over vhost-user, 3) Virtio device over Vvu. Each of these scenarios require slightly different policies as a jailed device process needs to allow not only the system calls necessary for the device to function, but also those required by the virtio transport in use. This CL adds a README.md file to the seccomp directory that details the naming and policy inclusion rules, and updates the serial, xhci and coiommu policies to follow the naming scheme. Vhost-user and VVU policy files will be added along with support for jailing devices when they are in use. BUG=b:217480043 TEST=serial device works with `crosvm run`. Change-Id: I6d454aa6e05d00691fe3346e822ed1fc7b24aed8 Signed-off-by: Alexandre Courbot <acourbot@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3706490 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> |
||
|---|---|---|
| .. | ||
| 9p_device.policy | ||
| balloon_device.policy | ||
| battery.policy | ||
| block_device.policy | ||
| coiommu_device.policy | ||
| common_device.frequency | ||
| common_device.policy | ||
| cras_audio_device.policy | ||
| cras_snd_device.policy | ||
| fs_device.policy | ||
| gpu_common.policy | ||
| gpu_device.policy | ||
| gpu_render_server.policy | ||
| input_device.policy | ||
| iommu_device.policy | ||
| net_device.policy | ||
| null_audio_device.policy | ||
| pmem_device.policy | ||
| rng_device.policy | ||
| serial.policy | ||
| serial_device.policy | ||
| tpm_device.policy | ||
| vfio_device.policy | ||
| vhost_net_device.policy | ||
| vhost_vsock_device.policy | ||
| video_device.policy | ||
| vios_audio_device.policy | ||
| vvu_proxy_device.policy | ||
| wl_device.policy | ||
| xhci_device.policy | ||