Change to minijail seccomp policy validator


Nicole Anderson-Au

Dec 11, 2020, 2:17:50 PM
to Chromium OS Development
Keep reading if you use minijail seccomp policies

This change added validation logic to the minijail seccomp policy parser that ensures that seccomp policy files and included files do not redefine syscalls. E.g. each syscall is defined only once in each file and no syscall policy is defined that is already defined in an included seccomp policy file. This feature is currently only warning and not failing on Android, but will cause seccomp parsing failures on Chrome OS. Please direct any questions to nvaa@ and jorgelo@.

Thanks,
Nicole
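
A check in the spirit of the validation announced above, as an added example that is not part of the original post and not minijail's own code: it reports a syscall that is defined twice in one policy file or that is already defined in a file pulled in with `@include`. The policy paths and contents are constructed, and treating any repeat anywhere in the include tree as a redefinition is an assumption of this example.

```python
# Constructed sample policies keyed by path (not from any real device).
SAMPLE_POLICIES = {
    "/etc/base.policy": "read: 1\nwrite: 1\nexit_group: 1\n",
    "/etc/daemon.policy": (
        "# daemon policy\n"
        "@include /etc/base.policy\n"
        "openat: 1\n"
        "write: arg0 == 2\n"       # already defined in the included file
        "ioctl: arg1 == 0x5401\n"
        "ioctl: 1\n"               # defined twice in this file
    ),
}


def find_redefinitions(policies, root):
    """Return [(syscall, path, line, first_path, first_line), ...] for root.

    `policies` maps a path to policy text so the check runs without touching
    the filesystem (an assumption of this example).
    """
    seen, findings, active = {}, [], set()

    def walk(path):
        if path in active:
            raise ValueError(f"include cycle at {path}")
        active.add(path)
        for lineno, raw in enumerate(policies[path].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue                       # blank line or comment
            if line.startswith("@include"):
                walk(line.split(None, 1)[1])   # record the included rules first
                continue
            if line.startswith("@"):
                continue                       # other directives define no syscall
            name = line.split(":", 1)[0].strip()
            if name in seen:
                findings.append((name, path, lineno) + seen[name])
            else:
                seen[name] = (path, lineno)
        active.discard(path)

    walk(root)
    return findings


if __name__ == "__main__":
    for name, path, line, fpath, fline in find_redefinitions(
            SAMPLE_POLICIES, "/etc/daemon.policy"):
        print(f"{path}:{line}: '{name}' already defined at {fpath}:{fline}")
```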