Commit fb60a5c9 authored by Alyssa Ross's avatar Alyssa Ross Committed by Alyssa Ross

crosvm: 104.0 -> 107.1

crosvm now includes a Cargo.lock again, so we don't need to vendor it
into Nixpkgs.

Its build system now compiles the seccomp policies into the binary, so
we don't need to build and install those ourselves any more.
parent fcdbfc3d
+0 −2214

File deleted.

Preview size limit exceeded, changes collapsed.

+0 −15
diff --git i/src/crosvm.rs w/src/crosvm.rs
index ab7c466b..636dc140 100644
--- i/src/crosvm.rs
+++ w/src/crosvm.rs
@@ -345,7 +345,9 @@ impl Default for JailConfig {
     fn default() -> Self {
         JailConfig {
             pivot_root: PathBuf::from(option_env!("DEFAULT_PIVOT_ROOT").unwrap_or("/var/empty")),
-            seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR),
+            seccomp_policy_dir: PathBuf::from(
+                option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR),
+            ),
             seccomp_log_failures: false,
         }
     }
+25 −29
{ stdenv, lib, rustPlatform, fetchgit
, minijail-tools, pkg-config, protobuf, wayland-scanner
{ stdenv, lib, rust, rustPlatform, fetchgit, fetchpatch
, clang, pkg-config, protobuf, python3, wayland-scanner
, libcap, libdrm, libepoxy, minijail, virglrenderer, wayland, wayland-protocols
}:

rustPlatform.buildRustPackage rec {
  pname = "crosvm";
  version = "104.0";
  version = "107.1";

  src = fetchgit {
    url = "https://chromium.googlesource.com/chromiumos/platform/crosvm";
    rev = "265aab613b1eb31598ea0826f04810d9f010a2c6";
    sha256 = "OzbtPHs6BWK83RZ/6eCQHA61X6SY8FoBkaN70a37pvc=";
    rev = "5a49a836e63aa6e9ae38b80daa09a013a57bfb7f";
    sha256 = "F+5i3R7Tbd9xF63Olnyavzg/hD+8HId1duWm8bvAmLA=";
    fetchSubmodules = true;
  };

  separateDebugInfo = true;

  patches = [
    ./default-seccomp-policy-dir.diff
    # Backport seccomp sandbox update for recent Glibc.
    # fetchpatch is not currently gerrit/gitiles-compatible, so we
    # have to use the mirror.
    # https://github.com/NixOS/nixpkgs/pull/133604
    (fetchpatch {
      url = "https://github.com/google/crosvm/commit/aae01416807e7c15270b3d44162610bcd73952ff.patch";
      sha256 = "nQuOMOwBu8QvfwDSuTz64SQhr2dF9qXt2NarbIU55tU=";
    })
  ];

  cargoLock.lockFile = ./Cargo.lock;
  cargoSha256 = "1jg9x5adz1lbqdwnzld4xg4igzmh90nd9xm287cgkvh5fbmsjfjv";

  nativeBuildInputs = [ minijail-tools pkg-config protobuf wayland-scanner ];
  nativeBuildInputs = [ clang pkg-config protobuf python3 wayland-scanner ];

  buildInputs = [
    libcap libdrm libepoxy minijail virglrenderer wayland wayland-protocols
  ];

  arch = stdenv.hostPlatform.parsed.cpu.name;

  postPatch = ''
    cp ${cargoLock.lockFile} Cargo.lock
    sed -i "s|/usr/share/policy/crosvm/|$PWD/seccomp/$arch/|g" \
        seccomp/$arch/*.policy
  preConfigure = ''
    patchShebangs third_party/minijail/tools/*.py
    substituteInPlace build.rs --replace '"clang"' '"${stdenv.cc.targetPrefix}clang"'
  '';

  preBuild = ''
    export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy

    for policy in seccomp/$arch/*.policy; do
        compile_seccomp_policy \
            --default-action trap $policy ''${policy%.policy}.bpf
    done
  "CARGO_TARGET_${lib.toUpper (builtins.replaceStrings ["-"] ["_"] (rust.toRustTarget stdenv.hostPlatform))}_LINKER" =
    "${stdenv.cc.targetPrefix}cc";

    substituteInPlace seccomp/$arch/*.policy \
      --replace "@include $(pwd)/seccomp/$arch/" "@include $out/share/policy/"
  '';
  # crosvm mistakenly expects the stable protocols to be in the root
  # of the pkgdatadir path, rather than under the "stable"
  # subdirectory.
  PKG_CONFIG_WAYLAND_PROTOCOLS_PKGDATADIR =
    "${wayland-protocols}/share/wayland-protocols/stable";

  buildFeatures = [ "default" "virgl_renderer" "virgl_renderer_next" ];

  postInstall = ''
    mkdir -p $out/share/policy/
    cp -v seccomp/$arch/*.{policy,bpf} $out/share/policy/
  '';

  passthru.updateScript = ./update.py;

  meta = with lib; {