crosvm: Embed seccomp filters into binary

Seccomp policy files will now be pre-compiled to BPF bytecode for the
target architecture and embedded in the crosvm binary when not
built for Chrome OS.
When minijail is not checked out in the crosvm tree as a submodule, the
MINIJAIL_DIR environment variable needs to be specified for the
policy compiler to run.
Integration tests are now sandbox-enabled for better coverage.

TEST=all tests passed, VM runs fine with sandbox on and no separate
policy files present. cros deploy & crostini still work.
BUG=b:235858187
FIXED=b:226975168

Change-Id: Ieaba4b3d7160ccb342a297ebc374894d19a8dc4d
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3824062
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Tested-by: Zihan Chen <zihanchen@google.com>
Commit-Queue: Zihan Chen <zihanchen@google.com>
7 files changed
tree: ecb56280f826635d0c52c15acdb39adc36536953
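The commit message above describes shipping pre-compiled, per-architecture seccomp BPF blobs inside the binary instead of loading policy text at runtime. The following is an added example and not crosvm or minijail code: it shows what such an embedded blob is (an array of `struct sock_filter` entries), how to sanity-check it before handing it to the kernel, and why the blob is architecture-specific (the first thing the filter does is check `seccomp_data.arch`). The policy bytes are constructed here as a stand-in for an `include_bytes!` of a compiled policy; the tiny evaluator only understands the three opcodes that policy uses, and `install` is the standard `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)` path, Linux-only.

```rust
// Added example (not crosvm code): validate and dry-run an embedded seccomp BPF blob.
use std::os::raw::{c_int, c_ulong};

// One classic BPF instruction as the kernel lays it out (struct sock_filter, 8 bytes).
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct SockFilter { pub code: u16, pub jt: u8, pub jf: u8, pub k: u32 }

// Constants from <linux/bpf_common.h>, <linux/seccomp.h>, <linux/audit.h>.
pub const BPF_LD_W_ABS: u16 = 0x20;  // BPF_LD | BPF_W | BPF_ABS
pub const BPF_JMP_JEQ_K: u16 = 0x15; // BPF_JMP | BPF_JEQ | BPF_K
pub const BPF_RET_K: u16 = 0x06;     // BPF_RET | BPF_K
pub const SECCOMP_RET_ALLOW: u32 = 0x7fff_0000;
pub const SECCOMP_RET_KILL_PROCESS: u32 = 0x8000_0000;
pub const AUDIT_ARCH_X86_64: u32 = 0xc000_003e;
pub const BPF_MAXINSNS: usize = 4096;
pub const NR_EXIT_GROUP_X86_64: u32 = 231;

// Constructed stand-in for `include_bytes!("policy.bpf")`: an x86_64 policy that
// allows only exit_group. Seven little-endian struct sock_filter entries.
pub const EMBEDDED_POLICY: [u8; 56] = [
    0x20, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, // A = seccomp_data.arch
    0x15, 0x00, 0x01, 0x00, 0x3e, 0x00, 0x00, 0xc0, // if A == AUDIT_ARCH_X86_64 skip 1
    0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, // ret KILL_PROCESS (foreign arch)
    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // A = seccomp_data.nr
    0x15, 0x00, 0x00, 0x01, 0xe7, 0x00, 0x00, 0x00, // if A != exit_group skip 1
    0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x7f, // ret ALLOW
    0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, // ret KILL_PROCESS
];

// Decode the blob and reject the cheap-to-detect ways a build could ship garbage:
// odd length, oversize program, jumps past the end, no trailing return.
// (The kernel performs its own full check at install time; this runs earlier.)
pub fn decode(blob: &[u8]) -> Result<Vec<SockFilter>, String> {
    if blob.is_empty() || blob.len() % 8 != 0 {
        return Err(format!("blob length {} is not a non-zero multiple of 8", blob.len()));
    }
    let insns: Vec<SockFilter> = blob.chunks_exact(8).map(|c| SockFilter {
        code: u16::from_le_bytes([c[0], c[1]]), jt: c[2], jf: c[3],
        k: u32::from_le_bytes([c[4], c[5], c[6], c[7]]),
    }).collect();
    if insns.len() > BPF_MAXINSNS {
        return Err(format!("{} instructions exceeds BPF_MAXINSNS", insns.len()));
    }
    for (i, insn) in insns.iter().enumerate() {
        if insn.code == BPF_JMP_JEQ_K
            && (i + 1 + insn.jt as usize >= insns.len() || i + 1 + insn.jf as usize >= insns.len())
        {
            return Err(format!("jump at instruction {} leaves the program", i));
        }
    }
    if insns.last().map(|l| l.code) != Some(BPF_RET_K) {
        return Err("filter does not end in a return".to_string());
    }
    Ok(insns)
}

// Dry-run the filter for one syscall, as the kernel would. Supports only the
// opcodes the example policy uses; anything else is reported, not guessed at.
pub fn evaluate(insns: &[SockFilter], nr: u32, arch: u32) -> Result<u32, String> {
    let (mut acc, mut pc) = (0u32, 0usize);
    while pc < insns.len() {
        let insn = insns[pc];
        match insn.code {
            BPF_LD_W_ABS => { // struct seccomp_data: nr at offset 0, arch at offset 4
                acc = match insn.k { 0 => nr, 4 => arch,
                    off => return Err(format!("unsupported load offset {}", off)) };
                pc += 1;
            }
            BPF_JMP_JEQ_K => pc += 1 + if acc == insn.k { insn.jt as usize } else { insn.jf as usize },
            BPF_RET_K => return Ok(insn.k),
            other => return Err(format!("unsupported opcode {:#x}", other)),
        }
    }
    Err("fell off the end of the filter".to_string())
}

#[cfg(target_os = "linux")]
#[repr(C)]
struct SockFprog { len: u16, filter: *const SockFilter }

#[cfg(target_os = "linux")]
extern "C" { fn prctl(option: c_int, ...) -> c_int; }

// Install a decoded filter on the calling thread. Irreversible: do it last,
// after every file and socket the sandboxed code needs is already open.
#[cfg(target_os = "linux")]
pub fn install(insns: &[SockFilter]) -> std::io::Result<()> {
    const PR_SET_SECCOMP: c_int = 22;
    const PR_SET_NO_NEW_PRIVS: c_int = 38;
    const SECCOMP_MODE_FILTER: c_ulong = 2;
    let prog = SockFprog { len: insns.len() as u16, filter: insns.as_ptr() };
    // SAFETY: `prog` and the slice it points at outlive both calls.
    unsafe {
        if prctl(PR_SET_NO_NEW_PRIVS, 1 as c_ulong, 0 as c_ulong, 0 as c_ulong, 0 as c_ulong) != 0
            || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog as *const SockFprog) != 0
        {
            return Err(std::io::Error::last_os_error());
        }
    }
    Ok(())
}

fn main() {
    let insns = decode(&EMBEDDED_POLICY).expect("embedded policy is malformed");
    let verdict = evaluate(&insns, NR_EXIT_GROUP_X86_64, AUDIT_ARCH_X86_64).unwrap();
    println!("{} instructions; exit_group on x86_64 -> {:#x}", insns.len(), verdict);
    // `install(&insns)` is deliberately not called here: after it, even the
    // write() behind println! would be killed by this allow-only-exit_group policy.
}
```

The arch check at the top of the filter is the reason a blob compiled for one target cannot be reused on another: syscall numbers differ per architecture, so a policy embedded for x86_64 must kill rather than interpret an aarch64 caller, and each target needs its own compiled blob, which is what pre-compiling per architecture at build time provides.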
README.md

crosvm - The Chrome OS Virtual Machine Monitor

crosvm is a virtual machine monitor (VMM) based on Linux’s KVM hypervisor, with a focus on simplicity, security, and speed. crosvm is intended to run Linux guests, originally as a security boundary for running native applications on the Chrome OS platform. Compared to QEMU, crosvm doesn’t emulate architectures or real hardware, instead concentrating on paravirtualized devices such as those defined by the virtio standard.

crosvm is currently used to run Linux/Android guests on Chrome OS devices.
