diff options
author | Yunlian Jiang <yunlian@google.com> | 2018-10-22 13:20:34 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-10-23 02:55:29 -0700 |
commit | 31c20fdcce2055a09580429e9522ca4bb1c5abb9 (patch) | |
tree | f1a82a5911c5813904c2e563647ca0c117bf20f3 | |
parent | 15503e236ece42f82a256cc0f572fd8df553a50f (diff) | |
download | crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar.gz crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar.bz2 crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar.lz crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar.xz crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.tar.zst crosvm-31c20fdcce2055a09580429e9522ca4bb1c5abb9.zip |
crosvm: add getpid and prlimit to seccomp
This is needed to make sure seccomp work with glibc 2.27 BUG=chromium:897477 TEST=None Change-Id: I101aa07bffd8db2b449be1a697dafcd7d6f1cb58 Reviewed-on: https://chromium-review.googlesource.com/1294729 Commit-Ready: Yunlian Jiang <yunlian@chromium.org> Tested-by: Yunlian Jiang <yunlian@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rw-r--r-- | io_jail/src/test_filter.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/9p_device.policy | 1 | ||||
-rw-r--r-- | seccomp/arm/9s.policy | 1 | ||||
-rw-r--r-- | seccomp/x86_64/9s.policy | 1 | ||||
-rw-r--r-- | tests/plugin.policy | 1 |
5 files changed, 5 insertions, 0 deletions
diff --git a/io_jail/src/test_filter.policy b/io_jail/src/test_filter.policy index 479e7e5..9f4c943 100644 --- a/io_jail/src/test_filter.policy +++ b/io_jail/src/test_filter.policy @@ -1,6 +1,7 @@ close: 1 exit: 1 futex: 1 +getpid: 1 lseek: 1 read: 1 write: 1 diff --git a/seccomp/arm/9p_device.policy b/seccomp/arm/9p_device.policy index feff21d..c1c3aea 100644 --- a/seccomp/arm/9p_device.policy +++ b/seccomp/arm/9p_device.policy @@ -54,3 +54,4 @@ ftruncate64: 1 fchown: arg1 == 0xffffffff && arg2 == 0xffffffff statfs64: 1 fstatat64: 1 +getpid: 1 diff --git a/seccomp/arm/9s.policy b/seccomp/arm/9s.policy index 153cf93..5e96803 100644 --- a/seccomp/arm/9s.policy +++ b/seccomp/arm/9s.policy @@ -61,3 +61,4 @@ rmdir: 1 fchown: arg1 == 0xffffffff && arg2 == 0xffffffff mremap: 1 fstatat64: 1 +prlimit64: arg2 == 0 && arg3 != 0 diff --git a/seccomp/x86_64/9s.policy b/seccomp/x86_64/9s.policy index 400cca3..33590a8 100644 --- a/seccomp/x86_64/9s.policy +++ b/seccomp/x86_64/9s.policy @@ -60,3 +60,4 @@ mkdir: 1 mremap: 1 rename: 1 newfstatat: 1 +prlimit64: arg2 == 0 && arg3 != 0 diff --git a/tests/plugin.policy b/tests/plugin.policy index 460515d..a3ab2f7 100644 --- a/tests/plugin.policy +++ b/tests/plugin.policy @@ -40,6 +40,7 @@ memfd_create: 1 mmap: 1 open: 1 openat: 1 +prlimit64: arg2 == 0 && arg3 != 0 recvmsg: 1 restart_syscall: 1 rt_sigaction: 1 |