author | David Riley <davidriley@chromium.org> | 2019-07-24 17:22:50 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-08-01 19:34:05 +0000 |
commit | 54e660ba8b912cf9c1fe7837cd42d21b9cfe9133 (patch) | |
tree | c6f773579a1e00b4b27c92848db2a711906026ed /src/linux.rs | |
parent | 06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c (diff) | |
gpu: Add sandboxing support for pvr.
BUG=chromium:892280 TEST=glxgears with virtio-gpu on hana Change-Id: Ib92b21c124e30eacb3fc28558e2eb5d8d4a92567 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717739 Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: David Riley <davidriley@chromium.org> Commit-Queue: David Riley <davidriley@chromium.org> Reviewed-by: Zach Reizner <zachr@chromium.org> Auto-Submit: David Riley <davidriley@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r-- | src/linux.rs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/linux.rs b/src/linux.rs
index 46dc480..56750ae 100644
--- a/src/linux.rs
+++ b/src/linux.rs
@@ -623,6 +623,15 @@ fn create_gpu_device(
 add_crosvm_user_to_jail(&mut jail, "gpu")?;
+ // pvr driver requires read access to /proc/self/task/*/comm.
+ let proc_path = Path::new("/proc");
+ jail.mount(
+ proc_path,
+ proc_path,
+ "proc",
+ (libc::MS_NOSUID | libc::MS_NODEV | libc::MS_NOEXEC | libc::MS_RDONLY) as usize,
+ )?;
+
 Some(jail)
 }
 None => None, |
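Review bot: The new `jail.mount` of `/proc` exposes all of procfs to the GPU device process, although the comment says the pvr driver only needs `/proc/self/task/*/comm`. The mount is also added to every GPU jail built on this path, not only when pvr is the driver in use. The flags (`MS_RDONLY` with nosuid/nodev/noexec) block writes, but what the process can read about other processes depends on whether this jail has its own PID namespace, which the hunk does not show. I would record that in the comment, e.g. `// Exposes all of procfs read-only; isolation from other processes' entries relies on the jail's PID namespace.`, and narrow the mount if the driver allows it. `create_gpu_device` starts and ends outside the hunk.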