From bfbe8880418957e22af2ede1dbffc3c16a017c42 Mon Sep 17 00:00:00 2001 From: Zach Reizner Date: Thu, 5 Dec 2019 18:56:01 +1100 Subject: seccomp: move gettid to common_device.policy The gettid syscall is used in some corners of glibc and it is a fairly harmless syscall (we already give getpid), so this change moves it to the common policy. TEST=None BUG=chromium:996938 Change-Id: I129644273f2f02fe917255c7157c48b99c329045 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952565 Tested-by: Zach Reizner Tested-by: kokoro Auto-Submit: Zach Reizner Reviewed-by: Daniel Verkamp Commit-Queue: Zach Reizner
---
seccomp/arm/common_device.policy | 1 + seccomp/arm/xhci.policy | 1 - seccomp/x86_64/common_device.policy | 1 + seccomp/x86_64/xhci.policy | 1 - 4 files changed, 2 insertions(+), 2 deletions(-) (limited to 'seccomp')
diff --git a/seccomp/arm/common_device.policy b/seccomp/arm/common_device.policy
index 7340145..d7c1b80 100644
--- a/seccomp/arm/common_device.policy
+++ b/seccomp/arm/common_device.policy
@@ -15,6 +15,7 @@ exit: 1
 exit_group: 1
 futex: 1
 getpid: 1
+gettid: 1
 gettimeofday: 1
 kill: 1
 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
diff --git a/seccomp/arm/xhci.policy b/seccomp/arm/xhci.policy
index 34c0b40..e13d468 100644
--- a/seccomp/arm/xhci.policy
+++ b/seccomp/arm/xhci.policy
@@ -14,7 +14,6 @@ getdents64: 1
 getrandom: 1
 name_to_handle_at: 1
 access: 1
-gettid: 1
 clock_gettime: 1
 timerfd_create: 1
 getsockname: 1
diff --git a/seccomp/x86_64/common_device.policy b/seccomp/x86_64/common_device.policy
index 81ebb18..ad9ed38 100644
--- a/seccomp/x86_64/common_device.policy
+++ b/seccomp/x86_64/common_device.policy
@@ -15,6 +15,7 @@ exit: 1
 exit_group: 1
 futex: 1
 getpid: 1
+gettid: 1
 gettimeofday: 1
 kill: 1
 madvise: arg2 == MADV_DONTNEED || arg2 == MADV_DONTDUMP || arg2 == MADV_REMOVE
diff --git a/seccomp/x86_64/xhci.policy b/seccomp/x86_64/xhci.policy
index 98e3335..df4acef 100644
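Review bot: The added `gettid: 1` in seccomp/arm/common_device.policy (and the identical line in seccomp/x86_64/common_device.policy) now applies to every device policy that includes the common file, yet only xhci.policy has its own entry removed. If another per-device policy still lists `gettid: 1` next to the include, the syscall would be defined twice, which the policy compiler may warn about or reject; a grep across seccomp/ is worth doing since the commit records TEST=None. The arm xhci.policy hunk starts at line 14 and shows no `@include` of the common policy (the x86_64 one does), so confirm the arm file has one, otherwise the xhci device on arm loses gettid. A one-line comment above the new entry, such as `# gettid: used inside glibc; exposes no more than getpid`, would keep the rationale with the allowlist rather than only in the commit message.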
--- a/seccomp/x86_64/xhci.policy +++ b/seccomp/x86_64/xhci.policy @@ -7,7 +7,6 @@ openat: 1 @include /usr/share/policy/crosvm/common_device.policy lstat: 1 -gettid: 1 readlink: 1 readlinkat: 1 timerfd_create: 1 -- cgit 1.4.1