upstart: Add global seccomp policy mechanism

Add a global seccomp policy file to upstart that defines the global
denylist policy. Link the generated BPF file into upstart to be
used as the seccomp filter for all processes if the seccomp USE flag is
set.

BUG=b:197662591
TEST=emerge and deploy and check that calling the blocked syscall throws
the expected error.

Cq-Depend: chromium:3119824
Change-Id: I74d5c8248cfdb1fcf38839916b0ebf57ef0e69e4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/upstart/+/2934717
Tested-by: Nicole Anderson-Au <nvaa@google.com>
Auto-Submit: Nicole Anderson-Au <nvaa@google.com>
Reviewed-by: Allen Webb <allenwebb@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
7 files changed