diff options
| author | jhorwich@chromium.org <jhorwich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-29 00:11:40 +0000 |
|---|---|---|
| committer | jhorwich@chromium.org <jhorwich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-29 00:11:40 +0000 |
| commit | 8f1e35f3f703c9be068dda4aeb476b8c7b2ca48c (patch) | |
| tree | 1e690d4e3632876863c8b7582e807573c24a41b4 | |
| parent | 2f3aca187651be952b02823a551bb7c5c9ea6d05 (diff) | |
| download | chromium_src-8f1e35f3f703c9be068dda4aeb476b8c7b2ca48c.zip chromium_src-8f1e35f3f703c9be068dda4aeb476b8c7b2ca48c.tar.gz chromium_src-8f1e35f3f703c9be068dda4aeb476b8c7b2ca48c.tar.bz2 | |
NaCl: Include times in list of allowed syscalls.
The recently-added seccomp-filter-sandbox caused the syscall
__NR_TIMES to be trapped rather than allowed. Applications that
use the Pepper GPU interfaces typically need this via
CommandBufferHelper::FlushSync, which calls clock.
This CL merely adds __NR_times to the list of syscall IDs allowed.
BUG=264856
TEST=Run Tumbler NaCl example on Linux
R=jln@chromium.org, mseaborn@chromium.org
Review URL: https://codereview.chromium.org/20771003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@214146 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/nacl/nacl_sandbox_linux.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/chrome/nacl/nacl_sandbox_linux.cc b/chrome/nacl/nacl_sandbox_linux.cc index 3164ddc..168f591 100644 --- a/chrome/nacl/nacl_sandbox_linux.cc +++ b/chrome/nacl/nacl_sandbox_linux.cc @@ -100,6 +100,10 @@ ErrorCode NaClBpfSandboxPolicy( case __NR_sched_setscheduler: case __NR_setpriority: case __NR_sysinfo: + // __NR_times needed as clock() is called by CommandBufferHelper, which is + // used by NaCl applications that use Pepper's 3D interfaces. + // See crbug.com/264856 for details. + case __NR_times: case __NR_uname: return ErrorCode(ErrorCode::ERR_ALLOWED); case __NR_ptrace: |