Merge "Allow CAP_SYS_NICE for crosvm" into main

commit: 8a216be443057317b918e73f86d5ca19bf5e63e4 [log] [tgz]
author: David Dai <davidai@google.com> Mon Feb 05 22:20:13 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Feb 05 22:20:13 2024 +0000
tree: 5bb7e930170ae1c098ef625722032bc754c03be6
parent: d4ae4c11651e5e6809e19a1801482e0b4789372d [diff]
parent: 7066a961bd1cc0f5392716711a4a66513d2b9d39 [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index 4f99e8c..6ad3727 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -51,6 +51,9 @@
   dontaudit crosvm self:capability ipc_lock;
 ')
 
+# Allow crosvm to tune for performance.
+allow crosvm self:global_capability_class_set sys_nice;
+
 # Let crosvm access its control socket as created by VS.
 #   read, write, getattr: listener socket polling
 #   accept: listener socket accepting new connection
commit	8a216be443057317b918e73f86d5ca19bf5e63e4	[log] [tgz]
author	David Dai <davidai@google.com>	Mon Feb 05 22:20:13 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Feb 05 22:20:13 2024 +0000
tree	5bb7e930170ae1c098ef625722032bc754c03be6
parent	d4ae4c11651e5e6809e19a1801482e0b4789372d [diff]
parent	7066a961bd1cc0f5392716711a4a66513d2b9d39 [diff]