Add support for seccomp thread sync feature #58
Conversation
| @@ -0,0 +1,80 @@ | |||
| #![allow(clippy::undocumented_unsafe_blocks)] | |||
There was a problem hiding this comment.
This test was adapted from my tsync test in extrasafe. https://github.com/boustrophedon/extrasafe/blob/master/tests/thread_multi.rs
|
Looks like musl doesn't have the linux/seccomp.h There's also lint and formatting errors that I need to fix. |
boustrophedon
force-pushed
the
tsync
branch
2 times, most recently
from
f2ccfc3
to
c63ac88
Compare
|
It looks like everything except coverage and musl builds are passing now. I'm not sure what the best resolution is for the missing constant in musl libc. |
Open a PR against rust-lang/libc since this looks like it wasn't included when then gnu/musl split happened. |
|
Did some digging, seems like it was just missed at some point. In the meantime, I'll update this diff to use libc::SECCOMP_FILTER_FLAG_TSYNC inside flags.rs which I had missed before but does anyone have an issue with landing this just using a locally-defined |
Yes, this is fine until the PR is merged in rust/libc 👍🏻 Have you checked that it's the same value on x86 and arm as well? |
|
Thanks for the review! I just pushed my PR to libc and am about to go to bed but I'll start working on the fixes tomorrow! |
|
I've made all the requested changes I think. Regarding the value of One thing I just noticed is that the manpage for seccomp says that the flags parameter is an unsigned int, but the definition for the flags in <linux/seccomp.h> is The only thing I'm not sure about is the |
| /// * `flags` - A u64 representing a bitset of seccomp's flags parameter. | ||
| /// | ||
| /// [`BpfProgram`]: type.BpfProgram.html | ||
| fn apply_filter_with_flags(bpf_filter: BpfProgramRef, flags: libc::c_ulong) -> Result<()> { |
There was a problem hiding this comment.
Ideally flags should be similar to something like OFlags in nix: https://docs.rs/nix/latest/nix/fcntl/struct.OFlag.html, it's slightly more robust, but if apply_filter_with_flags remain just for internal purposes (ie. flags is not part of the public API), then leaving it like this for now is fine.
There was a problem hiding this comment.
This was the initial approach in the PR but since different flags for the seccomp syscall results in different return types, I suggested to keep this function for internal use only, to keep things simple and hard to misuse
|
Thanks for catching everything that I missed! Regarding the clippy failure, I can make the change if you want but I personally think clippy's recommendation is not nearly as readable as just writing "rc > 0". If I'm looking at a single arm, "Ordering::Greater" doesn't tell me which is greater - I have to refer back to the top of the match statement. |
|
I agree that clippy's suggestion is less readable. |
- Adds public functions `seccompiler::apply_filter_all_threads` and private `apply_filter_with_flags` - Moves the body of apply_filter into apply_filter_with_flags - Uses seccomp call directly in apply_filter, so new Error variant is added. - Error variant also added for TSYNC failures Resolves rust-vmm#57 Signed-off-by: Harry Stern <harry@harrystern.net>
boustrophedon
force-pushed
the
tsync
branch
from
13f9668
to
5a2a6d5
Compare
|
Looks like everything is passing now, thanks everyone for the reviews! |
Summary of the PR
seccompiler::apply_filter_all_threadsResolves #57
Requirements
Before submitting your PR, please make sure you addressed the following
requirements:
git commit -s), and the commitmessage has max 60 characters for the summary and max 75 characters for each
description line.
test.
Release" section of CHANGELOG.md (if no such section exists, please create one).
unsafecode is properly documented.