diff options
| author | David Riley <davidriley@chromium.org> | 2019-07-24 12:09:07 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2019-08-01 19:34:04 +0000 |
| commit | 06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c (patch) | |
| tree | d6a599b5d4f205f61f65e1340067d2dde1995b37 /src/linux.rs | |
| parent | 62c533c9a3c60a7fcee2d49d987f955b75a67c99 (diff) | |
| download | crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar.gz crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar.bz2 crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar.lz crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar.xz crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.tar.zst crosvm-06787c5b6c0d1d878d7cef5f9fbdb14813c5e80c.zip | |
gpu: Add sandboxing support for mali/ARM.
ARM platforms have different library locations and also required GPU devices to be availble to the GPU process. BUG=chromium:892280 TEST=glxgears with virtio-gpu on kevin and nami Change-Id: If1baeb1edda76d057e88ab5e88ce22f02e5d30a0 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1717738 Reviewed-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: David Riley <davidriley@chromium.org> Commit-Queue: David Riley <davidriley@chromium.org> Auto-Submit: David Riley <davidriley@chromium.org>
Diffstat (limited to 'src/linux.rs')
| -rw-r--r-- | src/linux.rs | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/linux.rs b/src/linux.rs index 58a0e10..46dc480 100644 --- a/src/linux.rs +++ b/src/linux.rs @@ -597,11 +597,25 @@ fn create_gpu_device( let drm_dri_path = Path::new("/dev/dri"); jail.mount_bind(drm_dri_path, drm_dri_path, false)?; + // If the ARM specific devices exist on the host, bind mount them in. + let mali0_path = Path::new("/dev/mali0"); + if mali0_path.exists() { + jail.mount_bind(mali0_path, mali0_path, true)?; + } + + let pvr_sync_path = Path::new("/dev/pvr_sync"); + if pvr_sync_path.exists() { + jail.mount_bind(pvr_sync_path, pvr_sync_path, true)?; + } + // Libraries that are required when mesa drivers are dynamically loaded. - let lib_path = Path::new("/lib64"); - jail.mount_bind(lib_path, lib_path, false)?; - let usr_lib_path = Path::new("/usr/lib64"); - jail.mount_bind(usr_lib_path, usr_lib_path, false)?; + let lib_dirs = &["/usr/lib", "/usr/lib64", "/lib", "/lib64"]; + for dir in lib_dirs { + let dir_path = Path::new(dir); + if dir_path.exists() { + jail.mount_bind(dir_path, dir_path, false)?; + } + } // Bind mount the wayland socket into jail's root. This is necessary since each // new wayland context must open() the socket. |