crosvm

mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2024-11-28 17:44:10 +00:00

History

Zihan Chen b233d7d60a crosvm: Embed seccomp filters into binary Seccomp policy files will now pre-compile to bpf bytecode for target architecture and embedded in the crosvm binary when not built for chrome os. When minijail is not checked out in crosvm tree as a submodule, MINIJAIL_DIR environment variable needs to be specified for the policy compiler to run. Integration tests are now sandbox enabled for better coverage. TEST=all tests passed, vm runs fine with sandbox on and no separate policy files present. cros deploy & crostini still works. BUG=b:235858187 FIXED=b:226975168 Change-Id: Ieaba4b3d7160ccb342a297ebc374894d19a8dc4d Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824062 Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Tested-by: Zihan Chen <zihanchen@google.com> Commit-Queue: Zihan Chen <zihanchen@google.com>	2022-09-08 21:12:55 +00:00
..
book	crosvm: Embed seccomp filters into binary	2022-09-08 21:12:55 +00:00

Zihan Chen b233d7d60a crosvm: Embed seccomp filters into binary

Seccomp policy files will now pre-compile to bpf bytecode for
target architecture and embedded in the crosvm binary when not
built for chrome os.
When minijail is not checked out in crosvm tree as a submodule,
MINIJAIL_DIR environment variable needs to be specified for the
policy compiler to run.
Integration tests are now sandbox enabled for better coverage.

TEST=all tests passed, vm runs fine with sandbox on and no separate
policy files present. cros deploy & crostini still works.
BUG=b:235858187
FIXED=b:226975168

Change-Id: Ieaba4b3d7160ccb342a297ebc374894d19a8dc4d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824062
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>

2022-09-08 21:12:55 +00:00

book

crosvm: Embed seccomp filters into binary

2022-09-08 21:12:55 +00:00