seccomp: add clock_gettime gettid to gpu policy.

Some code path of mesa requires clock_gettime:
https://gitlab.freedesktop.org/mesa/mesa/blob/08f1cefecd84f851da6d90200bd7af0ecf5bf855/src/egl/drivers/dri2/egl_dri2.c#L3189

Also cxa_guard in llvm begin to call gettid from this CL:

https://llvm.googlesource.com/libcxxabi/+/57e82af58dd4515ab4885f32273268f34f757101

BUG=b:140078110
BUG=b:139318078
TEST=manual - boot arcvm

Change-Id: I258ae5b8d6f38886406acac6a0ac8ca8886a64af
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1773506
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Tested-by: Lepton Wu <lepton@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Lepton Wu <lepton@chromium.org>

1 files changed, 2 insertions, 0 deletions

diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index ac7292d..b98dbd2 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -5,6 +5,7 @@
 # Rules from common_device.policy with some rules removed because they block certain flags needed
 # for gpu.
 brk: 1
+clock_gettime: 1
 clone: arg0 & CLONE_THREAD
 close: 1
 dup2: 1
@@ -17,6 +18,7 @@ exit: 1
 exit_group: 1
 futex: 1
 getpid: 1
+gettid: 1
 gettimeofday: 1
 kill: 1
 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE