Update GPU sandbox to whitelist NVIDIA and Vulkan ICD paths
This makes it possible to use WebGPU on Linux NVIDIA without disabling the GPU sandbox. It still requires --use-vulkan so that Chrome loads the Vulkan driver before creating the GPU sandbox. Bug: 852089 Change-Id: I80ea898af221e48c5dd6a471a468628b47cc1992 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2013474 Commit-Queue: Austin Eng <enga@chromium.org> Reviewed-by: Kenneth Russell <kbr@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#735108}
This commit is contained in:
Austin Eng
@ -267,6 +267,9 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) {
|
||||
static const char kNvidiaDeviceModeSetPath[] = "/dev/nvidia-modeset";
|
||||
static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params";
|
||||
static const char kDevShm[] = "/dev/shm/";
|
||||
static const char kVulkanIcdPath[] = "/usr/share/vulkan/icd.d";
|
||||
static const char kNvidiaVulkanIcd[] =
|
||||
"/usr/share/vulkan/icd.d/nvidia_icd.json";
|
||||
|
||||
// For shared memory.
|
||||
permissions->push_back(
|
||||
@ -287,6 +290,9 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) {
|
||||
permissions->push_back(
|
||||
BrokerFilePermission::ReadWrite(kNvidiaDeviceModeSetPath));
|
||||
permissions->push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath));
|
||||
|
||||
permissions->push_back(BrokerFilePermission::ReadOnly(kVulkanIcdPath));
|
||||
permissions->push_back(BrokerFilePermission::ReadOnly(kNvidiaVulkanIcd));
|
||||
}
|
||||
|
||||
std::vector<BrokerFilePermission> FilePermissionsForGpu(
|
||||
|
||||
@ -202,7 +202,7 @@
|
||||
"--additional-expectations=../../third_party/blink/web_tests/WebGPUExpectations",
|
||||
"--isolated-script-test-filter=wpt_internal/webgpu/*",
|
||||
"--no-xvfb",
|
||||
"--additional-driver-flag=--disable-gpu-sandbox"
|
||||
"--additional-driver-flag=--use-vulkan=native"
|
||||
],
|
||||
"isolate_name": "blink_web_tests",
|
||||
"merge": {
|
||||
@ -425,7 +425,7 @@
|
||||
"--additional-expectations=../../third_party/blink/web_tests/WebGPUExpectations",
|
||||
"--isolated-script-test-filter=wpt_internal/webgpu/*",
|
||||
"--no-xvfb",
|
||||
"--additional-driver-flag=--disable-gpu-sandbox"
|
||||
"--additional-driver-flag=--use-vulkan=native"
|
||||
],
|
||||
"isolate_name": "blink_web_tests",
|
||||
"merge": {
|
||||
|
||||
@ -2542,7 +2542,7 @@
|
||||
],
|
||||
'linux_args': [
|
||||
'--no-xvfb',
|
||||
'--additional-driver-flag=--disable-gpu-sandbox',
|
||||
'--additional-driver-flag=--use-vulkan=native',
|
||||
],
|
||||
'merge': {
|
||||
'args': [
|
||||
|
||||
Reference in New Issue
Block a user