
Commit 5ea8bf4

happyCoder92copybara-github
authored andcommitted
AllowRestartableSequences: Add whole /proc
Adding `/proc/self/cpuset` is not really correct. PiperOrigin-RevId: 899621984 Change-Id: Ifd012394b34c95e150dac3a1e45670a6f3ce2b15
1 parent fa82150 commit 5ea8bf4

1 file changed

Lines changed: 1 addition & 3 deletions


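--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -1128,14 +1128,12 @@ PolicyBuilder& PolicyBuilder::AllowRestartableSequences(
 });
 AllowPrctlSetVma();
 
-AddFileIfNamespaced("/proc/cpuinfo");
-AddFileIfNamespaced("/proc/stat");
+AddDirectoryIfNamespaced("/proc");
 AddDirectoryIfNamespaced("/sys/devices/system/cpu");
 }
 if (cpu_fence_mode == kAllowSlowFences && !allowed_complex_.slow_fences) {
 AllowSyscall(__NR_sched_getaffinity);
 AllowSyscall(__NR_sched_setaffinity);
-AddFileIfNamespaced("/proc/self/cpuset");
 allowed_complex_.slow_fences = true;
 } else if (cpu_fence_mode == kRequireFastFences) {
 allowed_complex_.fast_fences = true;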
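Review bot: `AddDirectoryIfNamespaced("/proc")` replaces three named files with the whole procfs tree, and nothing at the call site tells a policy auditor that calling AllowRestartableSequences now grants this. The mapping also sits in the first block rather than in the `kAllowSlowFences` branch where `/proc/self/cpuset` used to be added, so callers that pass `kRequireFastFences` appear to receive all of /proc as well; the condition guarding that first block starts outside the hunk, so this is inferred. I would add a comment above the call such as `// Maps all of /proc (rseq/fence setup reads cpuinfo, stat and self/cpuset); mapping /proc/self/cpuset alone was not correct.` and state the wider grant in the method's header documentation. If only a few entries are actually read, it is worth confirming whether a narrower mapping could work, since which process entries the sandboxee can see through this mount is not visible from the hunk.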
