Merge "Grant TUNSETOFFLOAD to crosvm for running ferrochrome" into main

commit: d092943282e2a2eb5adbfd876862c04bf4361407 [log] [tgz]
author: Seungjae Yoo <seungjaeyoo@google.com> Mon Jun 17 01:33:13 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Jun 17 01:33:13 2024 +0000
tree: 2e19e4b4f207040253ec74e4dd7f455d2348fc04
parent: 39ec57c66982fea76224e33ff2416dd3d2fe6302 [diff]
parent: fcecae75a7203a985b137ebf9154a85e8f333dad [diff]
diff --git a/private/crosvm.te b/private/crosvm.te
index cddab36..0c2acb9 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te

@@ -135,7 +135,7 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_NETWORK, `
     # Allow crosvm to deal with file descriptors of TAP interfaces.
     allow crosvm tun_device:chr_file rw_file_perms;
-    allowxperm crosvm tun_device:chr_file ioctl { TUNGETIFF TUNSETVNETHDRSZ };
+    allowxperm crosvm tun_device:chr_file ioctl { TUNGETIFF TUNSETOFFLOAD TUNSETVNETHDRSZ };
     allow crosvm self:udp_socket create_socket_perms;
     allowxperm crosvm self:udp_socket ioctl SIOCGIFMTU;
     allow crosvm vmnic:fd use;
commit	d092943282e2a2eb5adbfd876862c04bf4361407	[log] [tgz]
author	Seungjae Yoo <seungjaeyoo@google.com>	Mon Jun 17 01:33:13 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Jun 17 01:33:13 2024 +0000
tree	2e19e4b4f207040253ec74e4dd7f455d2348fc04
parent	39ec57c66982fea76224e33ff2416dd3d2fe6302 [diff]
parent	fcecae75a7203a985b137ebf9154a85e8f333dad [diff]