seccomp: allow rseq syscall
Starting with v4.18, the Linux kernel provides the rseq
syscall which is a mechanism for fast userspace task
synchronization.
Starting with v2.35 glibc uses the new syscall, if it
exists, to gain some performance improvements, so we
need to update the policy files to allow it.
Even on older kernels where rseq is not supported,
glibc will still probe for its existence by expecting
an -ENOSYS response.
BUG=b:235960683
TEST=Local builds against glibc 2.35
Cq-Depend: chromium:3749266
Change-Id: I1ea8dc4d30dd1ac13b040a425349fb48d7a231d7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/logitech-updater/+/3763860
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Allen Webb <allenwebb@google.com>
Owners-Override: Dominick Ng <dominickn@google.com>
Commit-Queue: Manoj Gupta <manojgupta@chromium.org>
diff --git a/seccomp/logitech-updater-seccomp-amd64.policy b/seccomp/logitech-updater-seccomp-amd64.policy
index d7e7e9f..d4ad1e5 100644
--- a/seccomp/logitech-updater-seccomp-amd64.policy
+++ b/seccomp/logitech-updater-seccomp-amd64.policy
@@ -2,6 +2,9 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
access: 1
alarm: 1
arch_prctl: 1
diff --git a/seccomp/logitech-updater-seccomp-x86_64.policy b/seccomp/logitech-updater-seccomp-x86_64.policy
index d7e7e9f..d4ad1e5 100644
--- a/seccomp/logitech-updater-seccomp-x86_64.policy
+++ b/seccomp/logitech-updater-seccomp-x86_64.policy
@@ -2,6 +2,9 @@
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
+# rseq should be first due to frequency and purpose to decrease nptl latency
+rseq: 1
+
access: 1
alarm: 1
arch_prctl: 1
