mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-28 17:44:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/seccomp/x86_64/gpu_render_server.policy

19 lines
521 B
Text
Raw Normal View History

devices: gpu: add render server support When "--gpu-render-server path=<path>" is specified, start the render server shipped with virglrenderer and initialize virglrenderer with VIRGLRENDERER_MULTI_PROCESS flag. The flag makes virgl_renderer_context_create_with_flags create proxy contexts instead of venus contexts. Each proxy context requests the render server to fork a subprocess and executes GPU commands in the subprocess. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If5e2dc3353572cadb60b0c25a3e0ad14f633db91 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283508 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-11-10 19:45:32 +00:00
# Copyright 2021 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
@include /usr/share/policy/crosvm/gpu_common.policy
seccomp: allow waitid in gpu_renderer_server virglrender changed from waitpid to waitid. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If056776d934e0c2376d316dcfe37ff2c168933f3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3331738 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-12-11 01:27:43 +00:00
# allow fork() and waitid()
devices: gpu: add render server support When "--gpu-render-server path=<path>" is specified, start the render server shipped with virglrenderer and initialize virglrenderer with VIRGLRENDERER_MULTI_PROCESS flag. The flag makes virgl_renderer_context_create_with_flags create proxy contexts instead of venus contexts. Each proxy context requests the render server to fork a subprocess and executes GPU commands in the subprocess. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If5e2dc3353572cadb60b0c25a3e0ad14f633db91 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283508 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-11-10 19:45:32 +00:00
clone: 1
seccomp: allow waitid in gpu_renderer_server virglrender changed from waitpid to waitid. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If056776d934e0c2376d316dcfe37ff2c168933f3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3331738 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-12-11 01:27:43 +00:00
waitid: 1
devices: gpu: add render server support When "--gpu-render-server path=<path>" is specified, start the render server shipped with virglrenderer and initialize virglrenderer with VIRGLRENDERER_MULTI_PROCESS flag. The flag makes virgl_renderer_context_create_with_flags create proxy contexts instead of venus contexts. Each proxy context requests the render server to fork a subprocess and executes GPU commands in the subprocess. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If5e2dc3353572cadb60b0c25a3e0ad14f633db91 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283508 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-11-10 19:45:32 +00:00
gpu: allow syslog from the render server BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: I6fe2ce831eb671fedd1c0aa749066c41d181d152 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3335301 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Commit-Queue: Chia-I Wu <olv@google.com>
2021-12-13 20:10:22 +00:00
# allow SOCK_STREAM and SOCK_DGRAM (syslog)
socket: arg0 == AF_UNIX && arg2 == 0
devices: gpu: add render server support When "--gpu-render-server path=<path>" is specified, start the render server shipped with virglrenderer and initialize virglrenderer with VIRGLRENDERER_MULTI_PROCESS flag. The flag makes virgl_renderer_context_create_with_flags create proxy contexts instead of venus contexts. Each proxy context requests the render server to fork a subprocess and executes GPU commands in the subprocess. BUG=b:177267762 TEST=run vk and gl apps on volteer Change-Id: If5e2dc3353572cadb60b0c25a3e0ad14f633db91 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3283508 Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Chia-I Wu <olv@google.com>
2021-11-10 19:45:32 +00:00
# allow socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC)
socketpair: arg0 == AF_UNIX && arg1 == SOCK_SEQPACKET|SOCK_CLOEXEC && arg2 == 0
gpu_render_server: allow syslog and signalfd again BUG=b:211008411 BUG=b:210908665 TEST=venus on kukui-arc-r and emerge on trogdor64 Change-Id: I5773363857779ecd6c563af331ff7e96dd7f10e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3352664 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Dennis Kempin <denniskempin@google.com> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> Commit-Queue: Chia-I Wu <olv@google.com>
2021-12-16 19:45:36 +00:00
# allow signalfd()
signalfd4: 1
Reference in a new issue Copy permalink