crash_dump: Remove permission to dump crosvm

A crosvm instance running a protected VM contains a memory mapping of
the VM's protected memory. crash_dump can trigger a kernel panic if it
attaches to such a crosvm instance and tries to dump this memory region.

Until we have a means of excluding only the protected memory from
crash_dump, prevent crash_dump from dumping crosvm completely by taking
away its SELinux permission to ptrace crosvm.

Bug: 236672526
Test: run 'killall -s SIGSEGV crosvm' while running crosvm
Change-Id: I6672746c479183cc2bbe3dce625e5b5ebcf6d822
David Brazdil 2022-07-01 15:36:59 +01:00
parent 038018e113
commit 28b34f1bca

@ -8,6 +8,7 @@ allow crash_dump {
-apexd
-bpfloader
-crash_dump
-crosvm # TODO(b/236672526): Remove exception for crosvm
-diced
-init
-kernel
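
Review bot: The TODO on the added `-crosvm` line says only "Remove exception for crosvm", which gives neither the reason nor the condition for removal, and inside a subtraction list "exception" is ambiguous about which direction the follow-up should go. Suggest wording that carries the intent from the commit message into the policy, for example `-crosvm # TODO(b/236672526): re-allow once crash_dump can skip protected VM memory`. The subtraction also applies to every crosvm process, not only those hosting a protected VM, so crash dumps are lost for non-protected VMs until the TODO is resolved; a short comment saying so would help whoever picks up the bug. The Test line would be stronger if it stated the expected outcome of the `killall -s SIGSEGV crosvm` run (no kernel panic, and crash_dump denied access to crosvm).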