diff options
author | Zach Reizner <zachr@google.com> | 2018-04-03 20:47:21 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-04-04 22:53:21 -0700 |
commit | 043ddc5c0d281e027f23db049788db29f2fedbe6 (patch) | |
tree | 21823b9fd3039a5601698b565040f12355bb7281 /src/plugin/mod.rs | |
parent | a7fae252b05b617fd27f58b9bba8122d18154ccb (diff) | |
download | crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.gz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.bz2 crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.lz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.xz crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.tar.zst crosvm-043ddc5c0d281e027f23db049788db29f2fedbe6.zip |
crosvm: enable seccomp logging in debug builds
This will be useful for diagnosing crosvm crashes which are most often caused by seccomp killing a device process. TEST=delete a seccomp filter, run crosvm, check for blocked syscall in /var/log/messages BUG=None Change-Id: I1e01a0794f0349e6ad9b101eb2e32320f60b1283 Reviewed-on: https://chromium-review.googlesource.com/994737 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'src/plugin/mod.rs')
-rw-r--r-- | src/plugin/mod.rs | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/plugin/mod.rs b/src/plugin/mod.rs index 2e810f0..85a0266 100644 --- a/src/plugin/mod.rs +++ b/src/plugin/mod.rs @@ -228,6 +228,8 @@ fn create_plugin_jail(root: &Path, seccomp_policy: &Path) -> Result<Minijail> { // Use TSYNC only for the side effect of it using SECCOMP_RET_TRAP, which will correctly kill // the entire plugin process if a worker thread commits a seccomp violation. j.set_seccomp_filter_tsync(); + #[cfg(debug_assertions)] + j.log_seccomp_filter_failures(); j.parse_seccomp_filters(seccomp_policy) .map_err(Error::ParseSeccomp)?; j.use_seccomp_filter(); |