crosvm

mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-12-03 22:28:29 +00:00

Author	SHA1	Message	Date
Zach Reizner	bfbe888041	seccomp: move gettid to common_device.policy The gettid syscall is used in some corners of glibc and it is a fairly harmless syscall (we already give getpid), so this change moves it to the common policy. TEST=None BUG=chromium:996938 Change-Id: I129644273f2f02fe917255c7157c48b99c329045 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1952565 Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Auto-Submit: Zach Reizner <zachr@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org>	2019-12-06 03:21:11 +00:00
Zach Reizner	2ea297ac76	seccomp: add sendto, writev, and readv to common seccomp policies Using syslog from glibc will use some syscalls we haven't seen before, leading to the process getting killed. This change fixes that. TEST=use syslog from C BUG=chromium:988082 Change-Id: I4cfb317a8faf70188995487f4fa844229683d6d1 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1721616 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Commit-Queue: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>	2019-07-27 03:50:22 +00:00
Zach Reizner	a60744b42e	crosvm: use seqpacket rather than datagram sockets The advantage of seqpacket is that they are connection oriented. A listener can be created that accepts new connections, useful for the path based VM control sockets. Previously, the only bidirectional sockets in crosvm were either stream based or made using socketpair. This change also whitelists sendmsg and recvmsg for the common device policy. TEST=cargo test BUG=chromium:848187 Change-Id: I83fd46f54bce105a7730632cd013b5e7047db22b Reviewed-on: https://chromium-review.googlesource.com/1470917 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>	2019-02-28 03:24:24 -08:00
Zach Reizner	bae43dd4c9	seccomp: refactor policy into common_device.policy CQ-DEPEND=CL:1449895 BUG=None TEST=vmc start termina Change-Id: Ia3edaafc1d2958bd40e6b1adc89dd5e29b679b06 Reviewed-on: https://chromium-review.googlesource.com/1448292 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>	2019-02-07 03:02:12 -08:00

4 commits