New issue
Advanced search Search tips

Issue 885238 link

Starred by 3 users
Status: Fixed
Owner:
dverkamp@chromium.org
Closed: Sep 20
Cc:
jkardatzke@chromium.org
chirantan@chromium.org
smbar...@chromium.org
dverkamp@chromium.org
dgreid@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

crosvm fails to start with sandbox enabled (timerfd syscalls missing from seccomp filter)

Project Member Reported by dverkamp@chromium.org, Sep 18 
https://chromium-review.googlesource.com/1214442 introduced calls to timerfd_create(), timerfd_gettime() and timerfd_settime() syscalls within the block device, but they were not added to the seccomp whitelist.  This causes crosvm to crash when run in multiprocess mode.
Project Member

Comment 1 by bugdroid1@chromium.org, Sep 19 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/crosvm/+/616a093d9197cbca23d3fa585520c674e19d917a

commit 616a093d9197cbca23d3fa585520c674e19d917a
Author: Daniel Verkamp <dverkamp@chromium.org>
Date: Wed Sep 19 22:40:06 2018

devices: block: allow timerfd syscalls in seccomp

"devices: block: Flush a minute after a write" introduced new timerfd_
syscalls into the block device but did not add them to the seccomp
whitelist.

BUG= chromium:885238 
TEST=Run crosvm in multiprocess mode and verify that it boots

Change-Id: I1568946c64d86ab7dba535a430a8cbe235f64454
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1231513
Commit-Ready: Dylan Reid <dgreid@chromium.org>
Tested-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/616a093d9197cbca23d3fa585520c674e19d917a/seccomp/x86_64/block_device.policy
[modify] https://crrev.com/616a093d9197cbca23d3fa585520c674e19d917a/seccomp/arm/block_device.policy

Comment 2 by dverkamp@chromium.org, Sep 20

Cc: dverkamp@chromium.org smbar...@chromium.org jkardatzke@chromium.org chirantan@chromium.org
 Issue 885228  has been merged into this issue.

Comment 3 by dverkamp@chromium.org, Sep 20

Status: Fixed (was: Started)

Sign in to add a comment