Skip to content

GitLab

T
tangled
Commit 001e0a24 authored by Drew Davenport's avatar Drew Davenport Committed by Commit Bot
Browse files
Options

sandbox/linux: Allow prlimit64 

This is called in Debug builds when initializing the GPU process:

 0x5620120abcfc sandbox::Trap::SigSysAction()
 0x7b1559a70ab0 <unknown>
 0x7b155865ae80 __getrlimit
 0x56200dd02039 base::AssertMemoryIsReadOnly()
 0x56200dd00dd5 base::AutoWritableMemory::AutoWritableMemory()
 0x56200dd01a17 base::AutoWritableMemory::Create<>()
 0x5620105343bf gl::SetGLGetProcAddressProc()
 0x56200526dde4 ui::(anonymous namespace)::LoadEGLGLES2Bindings()
 0x56200526d9b4 ui::LoadDefaultEGLGLES2Bindings()
 0x5620051fa447 ui::(anonymous namespace)::GLOzoneEGLGbm::LoadGLES2Bindings()
 0x56200526e2dc ui::GLOzoneEGL::InitializeStaticGLBindings()
 0x562010d78287 gl::init::InitializeStaticGLBindings()
 0x562010d72e8f gl::init::InitializeGLOneOffImplementation()
 0x562010d72c95 gl::init::(anonymous namespace)::InitializeGLOneOffHelper()
 0x562010d72df0 gl::init::InitializeGLNoExtensionsOneOff()
 0x562010fc594c gpu::GpuInit::InitializeAndStartSandbox()
 0x56201b3f43bb content::GpuMain()
 0x56200ca83652 content::RunOtherNamedProcessTypeMain()
 0x56200ca85619 content::ContentMainRunnerImpl::Run()
 0x56200ca7a88c content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
 0x56200ca9a0ba service_manager::Main()
 0x56200ca80d83 content::ContentMain()
 0x562002f9f298 ChromeMain
 0x562002f9f182 main

BUG=923570
TEST=Build and deploy debug build to grunt; get to login screen

Change-Id: I2c91e0bb3932dcb462b1e89123e0ea357abf93cb
Reviewed-on: https://chromium-review.googlesource.com/c/1448771Reviewed-by: default avatarJorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Drew Davenport <ddavenport@chromium.org>
Cr-Commit-Position: refs/heads/master@{#628450}
parent 098a07e4
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 0 deletions
services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
View file @ 001e0a24
...@@ -58,6 +58,8 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const { ...@@ -58,6 +58,8 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
case __NR_sched_getaffinity: case __NR_sched_getaffinity:
case __NR_sched_setaffinity: case __NR_sched_setaffinity:
return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno); return sandbox::RestrictSchedTarget(GetPolicyPid(), sysno);
case __NR_prlimit64:
return sandbox::RestrictPrlimit64(GetPolicyPid());
default: default:
if (SyscallSets::IsEventFd(sysno)) if (SyscallSets::IsEventFd(sysno))
return Allow(); return Allow();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment