diff options
author | Zach Reizner <zachr@google.com> | 2018-01-05 19:59:54 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-01-06 02:19:37 -0800 |
commit | a0ce5322f7ad0c5d2edfa60764383351c15fa7b5 (patch) | |
tree | 39d68050685f5f8ed45ad23d9263dee3af7616c8 /seccomp/x86_64 | |
parent | 293c61cf11f0894bbdc9e8ee7a9ebaf5c667791e (diff) | |
download | crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar.gz crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar.bz2 crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar.lz crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar.xz crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.tar.zst crosvm-a0ce5322f7ad0c5d2edfa60764383351c15fa7b5.zip |
wl: fix seccomp filter for memfd_create
The memfd_create flags changed with "add memfd seal support", which breaks the seccomp filter for the wayland device. TEST=run a wayland app in crosvm BUG=chromium:799523 Change-Id: I266e305bc3179a7b9fd105a684de92e944fe1fc6 Reviewed-on: https://chromium-review.googlesource.com/852937 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'seccomp/x86_64')
-rw-r--r-- | seccomp/x86_64/wl_device.policy | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/seccomp/x86_64/wl_device.policy b/seccomp/x86_64/wl_device.policy index c804357..bc1ebb6 100644 --- a/seccomp/x86_64/wl_device.policy +++ b/seccomp/x86_64/wl_device.policy @@ -28,8 +28,8 @@ connect: arg2 == 13 # Used to communicate with wayland recvmsg: 1 sendmsg: 1 -# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC -memfd_create: arg1 == 1 +# Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING +memfd_create: arg1 == 3 # Used to set of size new memfd ftruncate: 1 # Used to determine shm size after recvmsg with fd |