New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 852235 link

Starred by 2 users
Status: Fixed
Owner:
lhchavez@chromium.org
Last visit 15 days ago
Closed: Oct 22
Cc:
lhchavez@chromium.org
vapier@chromium.org
jorgelo@chromium.org
hashimoto@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

generate_seccomp_policy.py should generate more efficient policy

Project Member Reported by hashimoto@chromium.org, Jun 13 2018 
With the current implementation, minijail's generate_seccomp_policy.py generates policy like this:
  mmap: arg2 == PROT_READ || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE

This is inefficient because it performs 4 additional checks on every mmap syscall.
generate_seccomp_policy.py should be fixed to output more efficient policy.

Comment 1 by llozano@chromium.org, Jun 13 2018 

why does this have ChromeOS-Toolchain as component?

Comment 2 by jorgelo@chromium.org, Jun 13 2018

Components: -Tools>ChromeOS-Toolchain Security
Yeah that's not the right component.

Comment 3 by vapier@chromium.org, Jun 21 2018

Components: OS>Systems>Minijail

Comment 4 by benhenry@chromium.org, Aug 2

Status: Assigned (was: Available)

Comment 5 by lhchavez@chromium.org, Oct 16

Cc: hashimoto@chromium.org
Owner: lhchavez@chromium.org
Status: Started (was: Assigned)

Comment 7 by lhchavez@chromium.org, Oct 22

Status: Fixed (was: Started)

Sign in to add a comment