crosvm/swap/Cargo.toml
Shintaro Kawamura 85a4efdbad swap: use create_sandbox_minijail for the monitor process
The monitor process uses the `jail` crate which devices use to create
a sandbox.

The syscalls listed in the seccomp filter policy file are originally
generated from a profile by strace. Also there are additional syscalls
from common_device.policy:

* another variant of syscalls in the profile
  * clone, dup, readlinkat
* the basic set which will be added by the minijail compiler anyway.
  * restart_syscall, exit, exit_group, rt_sigreturn
* syscalls that appear only on DUT (not workstation).
  * set_robust_list, sigaltstack, rseq

Used `common_device.policy` as a reference for syscalls which require
detailed conditions (e.g. clone, mmap, openat, etc).

This adds seccomp filter policy only for x86_64. The policy files for
other architectures will be added later.

BUG=b:258351526
TEST=manually tested

Change-Id: I3e584449ed9330a57ae1d2bd6c56a7554b6584ef
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4253073
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>
2023-03-02 00:42:35 +00:00
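
The workflow the commit message describes (take the syscalls seen under strace, add the three extra groups it lists, and hand-write conditions for sensitive calls) can be sketched as follows. This is an added example, not crosvm's tooling: the strace sample is constructed, the function names are hypothetical, and `name: 1` is minijail's syntax for allowing a syscall unconditionally.

```python
import re

# Additions the commit message lists on top of the strace profile.
VARIANTS = {"clone", "dup", "readlinkat"}
BASIC = {"restart_syscall", "exit", "exit_group", "rt_sigreturn"}
DUT_ONLY = {"set_robust_list", "sigaltstack", "rseq"}
# Named in the commit message as needing detailed conditions ("etc" not expanded).
NEEDS_CONDITION = {"clone", "mmap", "openat"}

# A syscall entry line: optional "[pid N] " or "N " prefix, then "name(".
SYSCALL_RE = re.compile(r"^(?:\[pid\s+\d+\]\s+|\d+\s+)?([a-z_][a-z0-9_]*)\(")

# Constructed strace output, not a real crosvm trace.
SAMPLE = """\
openat(AT_FDCWD, "/proc/meminfo", O_RDONLY|O_CLOEXEC) = 3
read(3, "MemTotal: ...", 4096) = 128
[pid  4242] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0000000000
[pid  4242] futex(0x7f0000001000, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4243] ioctl(5, _IOC(...), 0x7ffc00000000) = 0
[pid  4242] <... futex resumed>) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
+++ exited with 0 +++
"""


def profiled_syscalls(strace_text):
    """Return syscall names seen in strace output, skipping signals, exits, resumed lines."""
    names = set()
    for line in strace_text.splitlines():
        match = SYSCALL_RE.match(line.strip())
        if match:
            names.add(match.group(1))
    return names


def draft_policy(strace_text):
    """Build a draft policy that allows nothing from NEEDS_CONDITION unconditionally."""
    allowed = profiled_syscalls(strace_text) | VARIANTS | BASIC | DUT_ONLY
    out = []
    for name in sorted(allowed):
        if name in NEEDS_CONDITION:
            # Left commented out so the draft fails closed until a reviewer adds the filter.
            out.append(f"# {name}: <copy condition from common_device.policy>")
        else:
            out.append(f"{name}: 1")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(draft_policy(SAMPLE), end="")
```

Because the conditional syscalls are emitted as comments, a process run under the unedited draft is denied `clone`, `mmap` and `openat` rather than being granted them without argument checks.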


[package]
name = "swap"
version = "0.1.0"
authors = ["The ChromiumOS Authors"]
edition = "2021"

# The process tests will use fork, which requires a custom test harness to enforce single threaded
# execution.
[[test]]
name = "main"
path = "tests/main.rs"
harness = false

[features]
trace_marker = ["cros_tracing/trace_marker"]
log_page_fault = []

[target.'cfg(unix)'.dependencies]
anyhow = "*"
base = { path = "../base" }
cros_tracing = { path = "../cros_tracing" }
data_model = { path = "../common/data_model" }
jail = { path = "../jail"}
libc = "*"
num_cpus = "*"
once_cell = "*"
remain = "*"
serde = { version = "1", features = [ "derive" ] }
serde_json = "*"
sync = { path = "../common/sync" } # provided by ebuild
tempfile = "*"
thiserror = "*"
userfaultfd-sys = "0.4.2"
userfaultfd = "0.5.0"
vm_memory = { path = "../vm_memory"}

[dev_dependencies]
libtest-mimic = "0.6"