Davíð Steinn Geirsson 21e0a68023 fix: add missing syscalls to GPU device seccomp allowlist ... The allowlist was derived from crosvm's gpu_common + gpu_device seccomp policies, but those are applied after process startup. systemd applies the filter before exec, so process lifecycle (execve, wait4, arch_prctl, set_tid_address), capability management (capget, capset), and socket server (bind, listen, accept4, socketpair) syscalls are also needed. Also create a shader cache directory at /run/vmsilo/<name>/gpu/cache and set __GL_SHADER_DISK_CACHE_PATH so the GPU device backend doesn't fail trying to create /home for shader cache in the sandboxed mount namespace. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-03-18 18:57:52 +00:00
..
lib	Remove dead code and simplify helpers	2026-03-07 16:34:52 +00:00
assertions.nix	feat: add cloud-hypervisor assertions (USB passthrough, schedulerIsolation warning)	2026-03-18 16:48:42 +00:00
css-colors.nix	feat(tray): add tray proxy for VM system tray integration	2026-02-17 23:29:42 +00:00
default.nix	netvm: add network.netvm/isNetvm convenience layer for auto VM-to-VM links	2026-03-07 14:21:38 +00:00
desktop.nix	docs: update README for cloud-hypervisor options, remove vm-start-debug	2026-03-18 16:51:11 +00:00
netvm.nix	netvm: support network.netvm = "host" for host-routed networking	2026-03-07 15:28:47 +00:00
networking.nix	Disable systemd-networkd-wait-online.service	2026-03-17 11:20:26 +00:00
options.nix	feat: add cloud-hypervisor options, remove nvidiaWeakenSandbox/gpu.vulkan	2026-03-18 16:25:05 +00:00
overlay.nix	Add colored borders for VM app and menu icons	2026-03-07 17:33:48 +00:00
package.nix	docs: update README for cloud-hypervisor options, remove vm-start-debug	2026-03-18 16:51:11 +00:00
pci.nix	refactor(nix-module): split config.nix into focused modules	2026-02-13 21:35:57 +00:00
scripts.nix	style: nix fmt	2026-03-18 16:53:21 +00:00
services.nix	fix: add missing syscalls to GPU device seccomp allowlist	2026-03-18 18:57:52 +00:00