From 8e1f220c6901c104b95a7e4d3d8fabae7efdd4ce Mon Sep 17 00:00:00 2001
From: Alexandre Courbot
Date: Wed, 2 Aug 2023 12:37:19 +0900
Subject: [PATCH] devices: video: update jail settings to support VAAPI backend
VAAPI requires one more system call and access to the mesa drivers on the host.
BUG=b:262824148
TEST=presubmit
Change-Id: I8c382472675d61365167ec2a8a3f1544e35858c4
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4744561
Auto-Submit: Alexandre Courbot
Commit-Queue: Keiichi Watanabe
Reviewed-by: Keiichi Watanabe
---
 jail/seccomp/x86_64/video_device.policy | 3 +++
 src/crosvm/sys/unix/device_helpers.rs | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/jail/seccomp/x86_64/video_device.policy b/jail/seccomp/x86_64/video_device.policy
index e2d97a4550..f0405f0f59 100644
--- a/jail/seccomp/x86_64/video_device.policy
+++ b/jail/seccomp/x86_64/video_device.policy
@@ -103,3 +103,6 @@ prctl: arg0 == PR_SET_NAME
 userfaultfd: 1
 # 0xc018aa3f == UFFDIO_API, 0xaa00 == USERFAULTFD_IOC_NEW
 ioctl: arg1 == 0xc018aa3f || arg1 == 0xaa00
+
+# Required by VAAPI backend
+access: 1
diff --git a/src/crosvm/sys/unix/device_helpers.rs b/src/crosvm/sys/unix/device_helpers.rs
index 23895c4965..33a206c103 100644
--- a/src/crosvm/sys/unix/device_helpers.rs
+++ b/src/crosvm/sys/unix/device_helpers.rs
@@ -1019,7 +1019,7 @@ pub fn create_video_device(
 jail.mount_bind(sys_devices_path, sys_devices_path, false)?;
 // Required for loading dri libraries loaded by minigbm on AMD devices.
- jail_mount_bind_if_exists(&mut jail, &["/usr/lib64"])?;
+ jail_mount_bind_if_exists(&mut jail, &["/usr/lib64", "/usr/lib"])?;
 }
 // Device nodes required by libchrome which establishes Mojo connection in libvda.
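Review bot: In jail/seccomp/x86_64/video_device.policy, `access: 1` is allowed unconditionally, although the comment ties it to a single backend; if this policy is shared by all video backends (it appears to be, but that is not visible here), every video device process gains the syscall whether or not VAAPI is in use. access(2) returns no descriptor, so the added exposure is limited to probing which paths exist inside the jail's mount namespace. The comment should record that and name the caller, for example `# Required by VAAPI backend: driver loading probes library paths with access(2).`, with the wording confirmed against the real call site. Only the x86_64 policy is changed in this commit, so any other architecture that builds the VAAPI backend would need the same line.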
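Review bot: In create_video_device, adding `"/usr/lib"` to the bind-mount list makes the host's whole /usr/lib tree visible to the jailed video process, while the comment above the call still gives only minigbm on AMD devices as the reason. If the VAAPI backend needs only the mesa driver directory, binding that narrower path, or making the extra mount conditional on the backend in use, would keep the jail closer to least privilege. At minimum the comment should be updated, e.g. `// Required for loading dri libraries loaded by minigbm on AMD devices and mesa drivers loaded by the VAAPI backend.` Whether the mount is read-only is decided inside jail_mount_bind_if_exists, which is not shown, and the enclosing block opens before the hunk, so its condition could not be checked.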