diff options
| -rw-r--r-- | seccomp/arm/pmem_device.policy | 8 | ||||
| -rw-r--r-- | seccomp/x86_64/pmem_device.policy | 8 | ||||
| -rw-r--r-- | src/linux.rs | 3 |
3 files changed, 17 insertions, 2 deletions
diff --git a/seccomp/arm/pmem_device.policy b/seccomp/arm/pmem_device.policy new file mode 100644 index 0000000..b3cd64d --- /dev/null +++ b/seccomp/arm/pmem_device.policy @@ -0,0 +1,8 @@ +# Copyright 2019 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +@include /usr/share/policy/crosvm/common_device.policy + +fdatasync: 1 +fsync: 1 diff --git a/seccomp/x86_64/pmem_device.policy b/seccomp/x86_64/pmem_device.policy new file mode 100644 index 0000000..b3cd64d --- /dev/null +++ b/seccomp/x86_64/pmem_device.policy @@ -0,0 +1,8 @@ +# Copyright 2019 The Chromium OS Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +@include /usr/share/policy/crosvm/common_device.policy + +fdatasync: 1 +fsync: 1 diff --git a/src/linux.rs b/src/linux.rs index 9de014a..2fe1d5b 100644 --- a/src/linux.rs +++ b/src/linux.rs @@ -764,8 +764,7 @@ fn create_pmem_device( Ok(VirtioDeviceStub { dev: Box::new(dev) as Box<dyn VirtioDevice>, - /// TODO(jstaron) Create separate device policy for pmem_device. - jail: simple_jail(&cfg, "block_device.policy")?, + jail: simple_jail(&cfg, "pmem_device.policy")?, }) } |