mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 02:25:23 +00:00
44863792aa
All cros-debug versions of crosvm enabled seccomp logging, which is now
broken on kernels <4.4 thanks to new minijail changes as explained in
the referenced BUG. This seems to be intended by the minijail folks as
the aim to improve the seccomp logging in part by changing its semantics
to logging failures without killing the violating process. In such a
world, crosvm should not as a compile time choice, enable logging, which
would amount to disabling some of the security. This change adds a
command line flag to emulate the old behavior for the purposes of
developer debugging, as long as that developer is running on a kernel
that supports the new minijail seccomp filter failure logging.
BUG=chromium:978998
TEST=USE=cros-debug emerge-eve crosvm && cros deploy eve crosvm
then start crostini in UI
Change-Id: I98190a068a919929e466fe22d6d630b90a758336
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1679380
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Zach Reizner <zachr@chromium.org>
Auto-Submit: Zach Reizner <zachr@chromium.org>
|
||
|---|---|---|
| .. | ||
| plugin | ||
| argument.rs | ||
| linux.rs | ||
| main.rs | ||
| panic_hook.rs | ||