diff options
author | Matt Delco <delco@chromium.org> | 2020-01-31 17:29:45 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-02-04 23:27:21 +0000 |
commit | 8488a0bbbb5828eb0cea77f4081ceecec0119707 (patch) | |
tree | 75885ce273ea6f9e819576e09bc9f99e3a79f18e /seccomp/aarch64/fs_device.policy | |
parent | 055de38fcf1159c7b3ce3e05b8ec0fcf07f635dc (diff) | |
download | crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar.gz crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar.bz2 crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar.lz crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar.xz crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.tar.zst crosvm-8488a0bbbb5828eb0cea77f4081ceecec0119707.zip |
seccomp: remove redundant unconditional arm/arm64 rules
Minijail's policy compiler complains when there's multiple unconditional rules for a syscall. In most cases the rules are redundant to common_device.policy. BUG=None TEST=Ran compile_seccomp_policy.py until it stopped complaining. Change-Id: Ic43d1fd13f9c012641d71e526942229eb8b08ed4 Signed-off-by: Matt Delco <delco@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2034024 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dylan Reid <dgreid@chromium.org>
Diffstat (limited to 'seccomp/aarch64/fs_device.policy')
-rw-r--r-- | seccomp/aarch64/fs_device.policy | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/seccomp/aarch64/fs_device.policy b/seccomp/aarch64/fs_device.policy index 7e0c015..5199092 100644 --- a/seccomp/aarch64/fs_device.policy +++ b/seccomp/aarch64/fs_device.policy @@ -2,8 +2,6 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. -openat: 1 - @include /usr/share/policy/crosvm/common_device.policy fchmodat: 1 @@ -20,6 +18,7 @@ linkat: 1 lseek: 1 mkdirat: 1 mknodat: 1 +openat: 1 preadv: 1 pwritev: 1 readlinkat: 1 |