diff options
| author | Yunlian Jiang <yunlian@google.com> | 2018-10-19 12:04:45 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-10-21 05:25:01 -0700 |
| commit | a70445aa3b7bfef71b7ee888eaf614c83ded3c59 (patch) | |
| tree | 0de12fcb2d148ad2fb9af2cf32ef9bd0b1533212 /seccomp/x86_64 | |
| parent | 8eceba31c0d2842d8d7bfaa84253121709b1ee81 (diff) | |
| download | crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar.gz crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar.bz2 crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar.lz crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar.xz crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.tar.zst crosvm-a70445aa3b7bfef71b7ee888eaf614c83ded3c59.zip | |
crosvm: add openat to seccomp
This adds openat to a seccomp policy file if open is already there. We need this because glibc 2.25 changed it system call for open(). BUG=chromium:894614 TEST=None Change-Id: Ie5b45d858e8d9ea081fd7bfda81709bda048d965 Reviewed-on: https://chromium-review.googlesource.com/1292129 Commit-Ready: Yunlian Jiang <yunlian@chromium.org> Tested-by: Yunlian Jiang <yunlian@chromium.org> Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Diffstat (limited to 'seccomp/x86_64')
| -rw-r--r-- | seccomp/x86_64/9p_device.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/9s.policy | 1 | ||||
| -rw-r--r-- | seccomp/x86_64/gpu_device.policy | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/seccomp/x86_64/9p_device.policy b/seccomp/x86_64/9p_device.policy index 6a9d64a..f86d7b3 100644 --- a/seccomp/x86_64/9p_device.policy +++ b/seccomp/x86_64/9p_device.policy @@ -12,6 +12,7 @@ stat: 1 lstat: 1 close: 1 open: 1 +openat: 1 fstat: 1 # ioctl(fd, FIOCLEX, 0) is equivalent to fcntl(fd, F_SETFD, FD_CLOEXEC). ioctl: arg1 == FIOCLEX diff --git a/seccomp/x86_64/9s.policy b/seccomp/x86_64/9s.policy index 22600bf..400cca3 100644 --- a/seccomp/x86_64/9s.policy +++ b/seccomp/x86_64/9s.policy @@ -7,6 +7,7 @@ write: 1 lstat: 1 stat: 1 open: 1 +openat: 1 close: 1 fstat: 1 getdents: 1 diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy index de16d39..691060a 100644 --- a/seccomp/x86_64/gpu_device.policy +++ b/seccomp/x86_64/gpu_device.policy @@ -3,6 +3,7 @@ # found in the LICENSE file. open: 1 +openat: 1 close: 1 sigaltstack: 1 munmap: 1 |