author Drew Davenport <ddavenport@chromium.org> 2019-03-21 15:26:27 -0600
committer chrome-bot <chrome-bot@chromium.org> 2019-04-09 06:19:59 -0700
commit 1f9ae42c73c020ca77c7c0fbe2e09be3b90fe573
tree ffd70b926ba240a6bfec335c1d68f29f4807c814 /seccomp
parent 2a01b4d2dff85f00f674f4dd5a6158147f9d20f9
seccomp: Whitelist syscalls for grunt gpu
BUG=b:127868532
TEST=`vmc start --enable-gpu termina` succeeds

Change-Id: Ibf18cce93ab98f5008bdada3387ee27eb6f79e61
Reviewed-on: https://chromium-review.googlesource.com/1534959
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Drew Davenport <ddavenport@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r-- seccomp/x86_64/gpu_device.policy | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index 57ba07e..233f00f 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -64,3 +64,8 @@ readlink: 1
 socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
 stat: 1
 sysinfo: 1
+
+# Rules specific to AMD gpus.
+uname: 1
+sched_setscheduler: 1
+sched_setaffinity: 1
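
Review bot: `sched_setscheduler: 1` and `sched_setaffinity: 1` are allowed with any arguments, although the `socket` rule just above shows this policy already filters on arguments where it can. If the AMD driver path only needs one scheduling policy or only acts on the calling thread, narrow these rules, for example by filtering `sched_setscheduler` on arg1 (the policy) and `sched_setaffinity` on arg0 (the pid), so the sandboxed GPU device process is limited to the calls the driver actually makes. The comment `# Rules specific to AMD gpus.` also sits in the shared x86_64 policy file, so all three calls are opened for every GPU on that architecture; naming the library or driver call that needs each one in the comment would let the rules be revisited or split out later.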