On 12/15/25 07:27, Alyssa Ross wrote: > Neither of these services run as root any more, so they don't have > access to /proc/kcore any more regardless. (Also we don't have > /proc/kcore on aarch64 so this previously errored there.) > > Fixes: 62590b8 ("host/rootfs: Sandbox crosvm") > Fixes: ec47d36 ("host/rootfs: Sandbox Cloud Hypervisor") > Signed-off-by: Alyssa Ross > --- > .../service/vm-services/template/data/service/vhost-user-gpu/run | 1 - > host/rootfs/image/usr/bin/run-vmm | 1 - > 2 files changed, 2 deletions(-) > > diff --git a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run > index b1f9bac..e063a82 100755 > --- a/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run > +++ b/host/rootfs/image/etc/s6-linux-init/run-image/service/vm-services/template/data/service/vhost-user-gpu/run > @@ -40,7 +40,6 @@ bwrap > --tmpfs /proc/irq > --remount-ro /proc/irq > --ro-bind /dev/null /proc/timer_list > - --ro-bind /dev/null /proc/kcore > --ro-bind /dev/null /proc/kallsyms > --ro-bind /dev/null /proc/sysrq-trigger > -- > diff --git a/host/rootfs/image/usr/bin/run-vmm b/host/rootfs/image/usr/bin/run-vmm > index 0640239..e30b14c 100755 > --- a/host/rootfs/image/usr/bin/run-vmm > +++ b/host/rootfs/image/usr/bin/run-vmm > @@ -113,7 +113,6 @@ bwrap > --tmpfs /proc/irq > --remount-ro /proc/irq > --ro-bind /dev/null /proc/timer_list > - --ro-bind /dev/null /proc/kcore > --ro-bind /dev/null /proc/kallsyms > --ro-bind /dev/null /proc/sysrq-trigger > -- > > base-commit: 6ceeb9b236cc50d2bba90068533ca1b7ff229c8b /proc/sysrq-trigger and /proc/timer_list can also be dropped, as they are not accessible to unprivileged users. With or without that change: Reviewed-by: Demi Marie Obenour -- Sincerely, Demi Marie Obenour (she/her/hers)
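Review bot: In the vhost-user-gpu/run hunk (@@ -40,7 +40,6), nothing in the visible context shows that the process started under bwrap is unprivileged, so dropping `--ro-bind /dev/null /proc/kcore` is only safe while the assumption stated in the commit message holds. Consider a short comment above the remaining `/proc` masks saying they assume a non-root service, so that a later change which runs it as root again also restores the kcore mask.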
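Review bot: In the run-vmm hunk (@@ -113,7 +113,6), the binds that remain (`/proc/timer_list`, `/proc/kallsyms`, `/proc/sysrq-trigger`) use the same `--ro-bind /dev/null` pattern that, per the commit message, errored on aarch64 when the destination was missing, so they would fail the same way on any kernel configuration that lacks one of those files. The identical mask list is also duplicated in vhost-user-gpu/run; keeping it in one shared place, or at least confirming both scripts start on every supported architecture after this change, would stop the two copies drifting apart.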