mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-25 05:03:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

jail: seccomp: fix missing syscall for fs on arm

Browse source 
The libc::getresuid() function uses the getresuid32 syscall on 32-bit
arm userspace (this allows for 32-bit uid_t instead of 16-bit uid_t),
resulting in a SIGSYS crash for seccomp syscall violation when the fs
device starts up.

BUG=b:319533848
BUG=b:231324557

Fixes: eeea9b93d2 ("devices: virtio: Skip setting SECBIT_NO_SETUID_FIXUP for regular user.")
Change-Id: Ifc1ed1526c7d9c9e8a831b4695a446ac392835f6
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/5193106
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Commit-Queue: Lepton Wu <lepton@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Lepton Wu <lepton@chromium.org>
This commit is contained in:
Daniel Verkamp 2024-01-12 11:27:16 -08:00 committed by crosvm LUCI
parent 289d16a0d6
commit 363d6138f3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
jail/seccomp/arm/fs_device.policy
View file

@ -28,7 +28,7 @@ getdents64: 1
getegid32: 1 getegid32: 1
geteuid32: 1 geteuid32: 1
getrandom: 1 getrandom: 1
getresuid: 1 getresuid32: 1
# Use constants for verity ioctls since minijail doesn't understand them yet. # Use constants for verity ioctls since minijail doesn't understand them yet.
# 0x40806685 = FS_IOC_ENABLE_VERITY # 0x40806685 = FS_IOC_ENABLE_VERITY
# 0xc0046686 = FS_IOC_MEASURE_VERITY # 0xc0046686 = FS_IOC_MEASURE_VERITY