From 1f9ae42c73c020ca77c7c0fbe2e09be3b90fe573 Mon Sep 17 00:00:00 2001
From: Drew Davenport <ddavenport@chromium.org>
Date: Thu, 21 Mar 2019 15:26:27 -0600
Subject: seccomp: Whitelist syscalls for grunt gpu

BUG=b:127868532
TEST=`vmc start --enable-gpu termina` succeeds

Change-Id: Ibf18cce93ab98f5008bdada3387ee27eb6f79e61
Reviewed-on: https://chromium-review.googlesource.com/1534959
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Drew Davenport <ddavenport@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: David Riley <davidriley@chromium.org>
---
 seccomp/x86_64/gpu_device.policy | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'seccomp')

diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy
index 57ba07e..233f00f 100644
--- a/seccomp/x86_64/gpu_device.policy
+++ b/seccomp/x86_64/gpu_device.policy
@@ -64,3 +64,8 @@ readlink: 1
 socket: arg0 == 1 && arg1 == 0x80001 && arg2 == 0
 stat: 1
 sysinfo: 1
+
+# Rules specific to AMD gpus.
+uname: 1
+sched_setscheduler: 1
+sched_setaffinity: 1
-- 
cgit 1.4.1