diff options
author | Zach Reizner <zachr@google.com> | 2018-04-03 20:47:21 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-04-04 22:53:21 -0700 |
commit | 043ddc5c0d281e027f23db049788db29f2fedbe6 (patch) | |
tree | 21823b9fd3039a5601698b565040f12355bb7281 /src/linux.rs | |
parent | a7fae252b05b617fd27f58b9bba8122d18154ccb (diff) | |
download | crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.gz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.bz2 crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.lz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.xz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.zst crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.zip |
crosvm: enable seccomp logging in debug builds
This will be useful for diagnosing crosvm crashes which are most often caused by seccomp killing a device process. TEST=delete a seccomp filter, run crosvm, check for blocked syscall in /var/log/messages BUG=None Change-Id: I1e01a0794f0349e6ad9b101eb2e32320f60b1283 Reviewed-on: https://chromium-review.googlesource.com/994737 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'src/linux.rs')
-rw-r--r-- | src/linux.rs | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/linux.rs b/src/linux.rs index 1911899..90a2c4d 100644 --- a/src/linux.rs +++ b/src/linux.rs @@ -199,6 +199,8 @@ fn create_base_minijail(root: &Path, seccomp_policy: &Path) -> Result<Minijail> // Use TSYNC only for the side effect of it using SECCOMP_RET_TRAP, which will correctly kill // the entire device process if a worker thread commits a seccomp violation. j.set_seccomp_filter_tsync(); + #[cfg(debug_assertions)] + j.log_seccomp_filter_failures(); j.parse_seccomp_filters(seccomp_policy) .map_err(|e| Error::DeviceJail(e))?; j.use_seccomp_filter(); |