commit | 634fb404d3e4a92c2ef669a3b14b234c7968cdfd | [log] [tgz] |
---|---|---|
author | Victor Hsieh <victorhsieh@google.com> | Tue Mar 27 15:02:38 2018 -0700 |
committer | Victor Hsieh <victorhsieh@google.com> | Thu Mar 29 13:42:07 2018 -0700 |
tree | cf58295645d9bd27a37ccb4344399ff0c8411437 | |
parent | 925a04b775d6b39b9beaf0ba67b4e9fca7fb7f17 [diff] |
Fix seccomp filter set up in zygote This needs to land with extra syscalls whitelisted, including capset and setresuid. These privileged syscalls are used in the setup after the filter is initialized. Test: system starts, different apps run Bug: 63944145 Bug: 76461821 Change-Id: I49e6b292805f35baffb3530461c8741e75aceb32 Merged-In: I49e6b292805f35baffb3530461c8741e75aceb32