crosvm doesn't need IPC_LOCK
crosvm calls mlock. It used to need this capability, but now we remove
the rlimit (in Virtualization Manager via Virtualization Service) so
it no longer needs it and in fact is no longer granted it.
(This was previously removed in
commit 88f98d96da, but accidentally
re-introduced in commit 88f98d96dae3fb2616e93969685cbd737c364a0f.)
Bug: 322197421
Test: atest MicrodroidTests
Change-Id: I091170d0cb9b5617584b687e7f24cff153e06c85
This commit is contained in:
Alan Stokes
parent
410b2ae5fd
commit
bc12bccd8f
1 changed files with 0 additions and 3 deletions
|
|
@ -45,9 +45,6 @@ allow crosvm {
|
|||
# Allow searching the directory where the composite disk images are.
|
||||
allow crosvm virtualizationservice_data_file:dir search;
|
||||
|
||||
# Allow crosvm to mlock guest memory.
|
||||
allow crosvm self:capability ipc_lock;
|
||||
|
||||
# Let crosvm access its control socket as created by VS.
|
||||
# read, write, getattr: listener socket polling
|
||||
# accept: listener socket accepting new connection
|
||||
|
|
|
|||
Loading…
Reference in a new issue