mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-28 17:44:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
88 commits 607 branches 2 tags 237 MiB
Commit graph

2 commits

Author SHA1 Message Date
Chirantan Ekbote
41d5b5b12a Put seccomp policy files in a common directory 
We will almost certainly require different seccomp policy files for
different architectures.  Move all the existing secommp policy files
into a common directory grouped by architecture.

This will make it easier to install them via the ebuild later.

BUG=none
TEST=none

Change-Id: I0495789cd4143dc374ee6ebe083dc20ce724edbb
Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/630058
Reviewed-by: Zach Reizner <zachr@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
 2017-08-25 19:54:16 -07:00
Dylan Reid
61edbbff53 crosvm: Put block device process in a minijail 
Run with the new seccomp filter and drop all capabilities.  In addition enter a
new user, mount, network, and ipc namespace.  Leave the mount namespace empty
after pivot-rooting to an empty directory.

Change-Id: Iee583cf260ede8ca13f005836684eb80c2c3ac3e
Signed-off-by: Dylan Reid <dgreid@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/515603
 2017-07-06 21:13:55 -07:00