diff options
| author | Zach Reizner <zachr@google.com> | 2019-07-26 13:24:35 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-07-27 03:50:22 +0000 |
| commit | 2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b (patch) | |
| tree | a969caeced975ad998b372ded7c66de559bf04c5 | |
| parent | 92e75f0e2ae71321053d1529ba2acc797ce955b5 (diff) | |
| download | crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.gz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.bz2 crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.lz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.xz crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.tar.zst crosvm-2ea297ac76e1d4d3f92f91acabd995a6d7cfaa0b.zip | |
seccomp: add sendto, writev, and readv to common seccomp policies
Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that. TEST=use syslog from C BUG=chromium:988082 Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
| -rw-r--r-- | seccomp/arm/common_device.policy | 3 | ||||
| -rw-r--r-- | seccomp/x86_64/common_device.policy | 3 | ||||
| -rw-r--r-- | seccomp/x86_64/gpu_device.policy | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy index d2b5a6b..7340145 100644 --- a/seccomp/arm/common_device.policy +++ b/seccomp/arm/common_device.policy @@ -30,6 +30,7 @@ poll: 1 ppoll: 1 prctl: arg0 == PR_SET_NAME read: 1 +readv: 1 recv: 1 recvfrom: 1 recvmsg: 1 @@ -39,6 +40,8 @@ rt_sigprocmask: 1 rt_sigreturn: 1 sched_getaffinity: 1 sendmsg: 1 +sendto: 1 set_robust_list: 1 sigaltstack: 1 write: 1 +writev: 1 diff --git a/seccomp/x86_64/common_device.policy b/seccomp/x86_64/common_device.policy index 2379b95..81ebb18 100644 --- a/seccomp/x86_64/common_device.policy +++ b/seccomp/x86_64/common_device.policy @@ -30,6 +30,7 @@ poll: 1 ppoll: 1 prctl: arg0 == PR_SET_NAME read: 1 +readv: 1 recvfrom: 1 recvmsg: 1 restart_syscall: 1 @@ -38,6 +39,8 @@ rt_sigprocmask: 1 rt_sigreturn: 1 sched_getaffinity: 1 sendmsg: 1 +sendto: 1 set_robust_list: 1 sigaltstack: 1 write: 1 +writev: 1 diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy index b6caa82..ac7292d 100644 --- a/seccomp/x86_64/gpu_device.policy +++ b/seccomp/x86_64/gpu_device.policy @@ -28,6 +28,7 @@ poll: 1 ppoll: 1 prctl: arg0 == PR_SET_NAME read: 1 +readv: 1 recvfrom: 1 recvmsg: 1 restart_syscall: 1 @@ -36,9 +37,11 @@ rt_sigprocmask: 1 rt_sigreturn: 1 sched_getaffinity: 1 sendmsg: 1 +sendto: 1 set_robust_list: 1 sigaltstack: 1 write: 1 +writev: 1 # Rules specific to gpu connect: 1 |