authorSonny Rao <sonnyrao@chromium.org>2018-05-31 17:35:02 -0700
committerchrome-bot <chrome-bot@chromium.org>2018-06-01 17:44:30 -0700
commit90c50419d4ed58f226a65a0751f404be26aa97c1 (patch)
tree0a6eafa0015753450b496e92e35bc80fc58f89e2
parent5f5e7ec3ba04e29b68244e56f1bce0d87ff6f7d9 (diff)
crosvm: aarch64: whitelist gettimeofday for error messages
It looks like on ARM we use the real gettimeofday system call when
we're outputting error messages, so we need to whitelist this to avoid
crashing instead of seeing the error messages.

BUG=chromium:843807
TEST=run vm_CrosVmStart and make sure there are no crashes for crosvm

Change-Id: I9f47da8dabe31f0677bcaa1d431e56545e20c9c9
Reviewed-on: https://chromium-review.googlesource.com/1081390
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Sonny Rao <sonnyrao@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
-rw-r--r--seccomp/aarch64/balloon_device.policy1
-rw-r--r--seccomp/aarch64/block_device.policy1
-rw-r--r--seccomp/aarch64/net_device.policy1
-rw-r--r--seccomp/aarch64/rng_device.policy1
-rw-r--r--seccomp/aarch64/vhost_net_device.policy1
-rw-r--r--seccomp/aarch64/vhost_vsock_device.policy1
-rw-r--r--seccomp/aarch64/wl_device.policy1
7 files changed, 7 insertions, 0 deletions
diff --git a/seccomp/aarch64/balloon_device.policy b/seccomp/aarch64/balloon_device.policy
index 9d5cc4c..d5011be 100644
--- a/seccomp/aarch64/balloon_device.policy
+++ b/seccomp/aarch64/balloon_device.policy
@@ -5,6 +5,7 @@
 close: 1
 exit_group: 1
 futex: 1
+gettimeofday: 1
 madvise: 1
 # Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
 # negation, thus the manually negated mask constant.
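Review bot: The added `gettimeofday: 1` entry has no comment saying why a sandboxed device process needs it, so a later audit of this allowlist cannot tell it apart from a syscall the device's data path depends on. The same applies to the identical additions in block_device.policy, net_device.policy, rng_device.policy, vhost_net_device.policy, vhost_vsock_device.policy and wl_device.policy. I would put `# Needed on ARM when formatting error messages; see chromium:843807.` directly above the entry in each file. The commit message only says "it looks like" the real syscall is used, so it is worth confirming by forcing an error path under each policy that no other time-related syscall is hit from the same logging code. If one is, the process would still die before the message is written.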
diff --git a/seccomp/aarch64/block_device.policy b/seccomp/aarch64/block_device.policy
index cb9dce2..9dcaa92 100644
--- a/seccomp/aarch64/block_device.policy
+++ b/seccomp/aarch64/block_device.policy
@@ -11,6 +11,7 @@ fstat64: 1
 fsync: 1
 ftruncate64: 1
 futex: 1
+gettimeofday: 1
 _llseek: 1
 # Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
 # negation, thus the manually negated mask constant.
diff --git a/seccomp/aarch64/net_device.policy b/seccomp/aarch64/net_device.policy
index e87bf70..5f50c87 100644
--- a/seccomp/aarch64/net_device.policy
+++ b/seccomp/aarch64/net_device.policy
@@ -7,6 +7,7 @@ dup: 1
 dup2: 1
 exit_group: 1
 futex: 1
+gettimeofday: 1
 # Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
 # negation, thus the manually negated mask constant.
 mmap2: arg2 in 0xfffffffb
diff --git a/seccomp/aarch64/rng_device.policy b/seccomp/aarch64/rng_device.policy
index 746e955..7d2df8f 100644
--- a/seccomp/aarch64/rng_device.policy
+++ b/seccomp/aarch64/rng_device.policy
@@ -7,6 +7,7 @@ dup: 1
 dup2: 1
 exit_group: 1
 futex: 1
+gettimeofday: 1
 # Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
 # negation, thus the manually negated mask constant.
 mmap2: arg2 in 0xfffffffb
diff --git a/seccomp/aarch64/vhost_net_device.policy b/seccomp/aarch64/vhost_net_device.policy
index 2ed1af7..815aa34 100644
--- a/seccomp/aarch64/vhost_net_device.policy
+++ b/seccomp/aarch64/vhost_net_device.policy
@@ -7,6 +7,7 @@ dup: 1
 dup2: 1
 exit_group: 1
 futex: 1
+gettimeofday: 1
 # Whitelist vhost_net ioctls only.
 # arg1 == VHOST_GET_FEATURES ||
 # arg1 == VHOST_SET_FEATURES ||
diff --git a/seccomp/aarch64/vhost_vsock_device.policy b/seccomp/aarch64/vhost_vsock_device.policy
index 628a5ce..c6efaee 100644
--- a/seccomp/aarch64/vhost_vsock_device.policy
+++ b/seccomp/aarch64/vhost_vsock_device.policy
@@ -7,6 +7,7 @@ dup: 1
 dup2: 1
 exit_group: 1
 futex: 1
+gettimeofday: 1
 # Whitelist vhost_vsock ioctls only.
 # arg1 == VHOST_GET_FEATURES ||
 # arg1 == VHOST_SET_FEATURES ||
diff --git a/seccomp/aarch64/wl_device.policy b/seccomp/aarch64/wl_device.policy
index e26dd08..9f21169 100644
--- a/seccomp/aarch64/wl_device.policy
+++ b/seccomp/aarch64/wl_device.policy
@@ -6,6 +6,7 @@ close: 1
 dup: 1
 dup2: 1
 getpid: 1
+gettimeofday: 1
 exit_group: 1
 futex: 1
 # Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
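Review bot: In this file `gettimeofday: 1` is inserted between `getpid: 1` and `exit_group: 1`, while the other six policies in this commit place it right after `futex: 1`. Keeping the entry in the same relative position everywhere, after `futex: 1` here as well, makes it easier to diff the per-device policies against each other when checking which syscalls each device is allowed. The surrounding entries in this file are already not in alphabetical order, so this is about consistency across the policies rather than sorting.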