6cc9b311af
We were previously openining the platform device (i.e. /dev/kvm) inside the platfrom constructor (i.e. kvm.New). This requires that we have RW access to the platform device when constructing the platform. However, now that the runsc sandbox process runs as user "nobody", it is not able to open the platform device. This CL changes the kvm constructor to take the platform device FD, rather than opening the device file itself. The device file is opened outside of the sandbox and passed to the sandbox process. PiperOrigin-RevId: 212505804 Change-Id: I427e1d9de5eb84c84f19d513356e1bb148a52910 |
||
|---|---|---|
| .. | ||
| filemem | ||
| interrupt | ||
| kvm | ||
| procid | ||
| ptrace | ||
| ring0 | ||
| safecopy | ||
| BUILD | ||
| context.go | ||
| mmap_min_addr.go | ||
| platform.go | ||