| From 6da03c4a5093e3fc9f09fa4c295e27b1df4d3091 Mon Sep 17 00:00:00 2001 |
| From: Lepton Wu <lepton@chromium.org> |
| Date: Fri, 6 Dec 2019 14:22:41 -0800 |
| Subject: [PATCH] betty-arcvm: Loose mprotect/mmap for software rendering |
| |
| betty-arcvm will use llvmpipe for graphics, and llvmpipe needs to |
| execute dynamically generated code. |
| |
| Change-Id: Ia7b213056e0bdcdfa2a2026f512dc39badaa04a1 |
| --- |
| seccomp/x86_64/gpu_device.policy | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/seccomp/x86_64/gpu_device.policy b/seccomp/x86_64/gpu_device.policy |
| index b98dbd2..bf0184c 100644 |
| --- a/seccomp/x86_64/gpu_device.policy |
| +++ b/seccomp/x86_64/gpu_device.policy |
| @@ -61,8 +61,8 @@ lstat: 1 |
| # Used for sharing memory with wayland. arg1 == MFD_CLOEXEC|MFD_ALLOW_SEALING |
| memfd_create: arg1 == 3 |
| # mmap/mprotect/open/openat differ from the common_device.policy |
| -mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ |
| -mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ |
| +mmap: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ|PROT_EXEC || arg2 == PROT_WRITE || arg2 == PROT_READ || arg2 == PROT_READ|PROT_WRITE|PROT_EXEC |
| +mprotect: arg2 == PROT_READ|PROT_WRITE || arg2 == PROT_NONE || arg2 == PROT_READ || arg2 == PROT_READ|PROT_EXEC |
| open: 1 |
| openat: 1 |
| readlink: 1 |
| -- |
| 2.24.1.735.g03f4e72817-goog |
| |