diff options
| author | Maciej Żenczykowski <maze@google.com> | 2020-01-27 01:08:02 -0800 |
|---|---|---|
| committer | Maciej Żenczykowski <maze@google.com> | 2020-01-27 01:08:03 -0800 |
| commit | 77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1 (patch) | |
| tree | f6b5dbec36e9028e8d5ca99253a286dcc4e8b00d /bpfloader | |
| parent | 0bfbf665b91e30b2683b71b178aaed6831e5fa7e (diff) | |
| download | bpf-77494d2b70f8cc8b08307f0dfe13d6b79b18e0f1.tar.gz | |
Grant IPC_LOCK capability to bpfloader
(instead of explicit memlock limit)
This reduces chance for memory allocation failures.
Any bpfloader failure is a critical boot time failure
(since without eBPF initializing properly netd will crash and
device will enter crash loop).
Test: builds, atest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5ed0118d63c53100e7431324914bf22e9870abfe
Diffstat (limited to 'bpfloader')
| -rw-r--r-- | bpfloader/bpfloader.rc | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/bpfloader/bpfloader.rc b/bpfloader/bpfloader.rc index 31747fb..924112e 100644 --- a/bpfloader/bpfloader.rc +++ b/bpfloader/bpfloader.rc @@ -1,9 +1,4 @@ service bpfloader /system/bin/bpfloader class main - capabilities SYS_ADMIN - # Set RLIMIT_MEMLOCK to 64MB for bpfloader - # Actually only 8MB is needed, but since bpfloader runs as root, it shares - # the global rlimit. Once bpfloader is running as its own user in the - # future, it will have dedicated rlimit to itself and this can be 8MB. - rlimit memlock 67108864 67108864 + capabilities SYS_ADMIN IPC_LOCK oneshot |