Skip to content

seccomp: support notify listener #627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
Mar 23, 2021
Merged

seccomp: support notify listener #627

merged 15 commits into from
Mar 23, 2021

Conversation

@giuseppe
Copy link
Member

@giuseppe giuseppe commented Mar 16, 2021

The OCI runtime specs[1] recently gained the support for seccomp
notifications.

[1] opencontainers/runtime-spec#1074

Signed-off-by: Giuseppe Scrivano [email protected]

@giuseppe
Copy link
Member Author

giuseppe commented Mar 16, 2021

@mauriciovasquezbernal PTAL

@giuseppe giuseppe force-pushed the seccomp-notifications-oci branch 3 times, most recently from b649c17 to 1187828 Compare March 17, 2021 13:10
@giuseppe giuseppe marked this pull request as ready for review March 17, 2021 13:16
@giuseppe giuseppe force-pushed the seccomp-notifications-oci branch 4 times, most recently from 1ecc6ba to 09ddd93 Compare March 23, 2021 11:56
@giuseppe
Copy link
Member Author

giuseppe commented Mar 23, 2021

rebased

rhatdan
rhatdan approved these changes Mar 23, 2021
View reviewed changes
contrib/seccomp-receiver/seccomp-receiver.c Outdated
/*
* crun - OCI runtime written in C
*
* Copyright (C) 2018, 2019 Giuseppe Scrivano <[email protected]>
Copy link
Member

@rhatdan rhatdan Mar 22, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need to be updated/changed?

rhatdan
rhatdan reviewed Mar 23, 2021
View reviewed changes
src/libcrun/container.c

yajl_gen_string (gen, YAJL_STR ("pid"), strlen ("pid"));
yajl_gen_integer (gen, pid);
r = yajl_gen_string (gen, YAJL_STR ("1.0"), strlen ("1.0"));
Copy link
Member

@rhatdan rhatdan Mar 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should you hard code the version here?

rhatdan
rhatdan reviewed Mar 23, 2021
View reviewed changes
src/libcrun/container.c Outdated
if (UNLIKELY (r != yajl_gen_status_ok))
goto exit;

r = yajl_gen_string (gen, YAJL_STR ("0.2.0"), strlen ("0.2.0"));
Copy link
Member

@rhatdan rhatdan Mar 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Majic number, should this be a const?

rhatdan
rhatdan reviewed Mar 23, 2021
View reviewed changes
src/libcrun/container.c Outdated
if (UNLIKELY (r != yajl_gen_status_ok))
goto exit;

r = yajl_gen_string (gen, YAJL_STR ("0.2.0"), strlen ("0.2.0"));
Copy link
Member

@rhatdan rhatdan Mar 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Magic number?

rhatdan
rhatdan reviewed Mar 23, 2021
View reviewed changes
tests/init.c Outdated
if (strcmp (argv[1], "check-feature") == 0)
{
if (argc < 2)
if (argc <= 2)
Copy link
Member

@rhatdan rhatdan Mar 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be just 3, would be easier to understand.

@giuseppe giuseppe force-pushed the seccomp-notifications-oci branch 2 times, most recently from c978989 to 1cac654 Compare March 23, 2021 17:32
giuseppe added 13 commits March 23, 2021 19:55
@giuseppe
crun: always use absolute path for the bundle
8722858 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
contrib: new tool to test seccomp notifications
8fd3320 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
linux: pass own pid to container process
6e19235 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
error: new function to convert from yajl errors
14083ab 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
container: use new error function for hooks JSON
873b62d 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
status: use function to convert from yajl errors
c3361c1 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
seccomp: support notify listener
5a627f4 
The OCI runtime specs[1] recently gained the support for seccomp
notifications.

[1] opencontainers/runtime-spec#1074

Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
init: fix check for nargs
5d9010b 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
init: add check for seccomp listener
f80e98d 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
tests: add test for seccomp listener
7812572 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
seccomp: always NUL terminate lowercase_arch
5e4efb7 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
src: initialize first_arg
2e88d19 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
src: initialize statx struct
00371ae 
Signed-off-by: Giuseppe Scrivano <[email protected]>
giuseppe added 2 commits March 23, 2021 19:58
@giuseppe
container: initialize tmp_err
d9c9fd0 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
cgroup: skip parsing empty file
9aa382b 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe giuseppe force-pushed the seccomp-notifications-oci branch from 1cac654 to 9aa382b Compare March 23, 2021 18:58
@giuseppe
Copy link
Member Author

giuseppe commented Mar 23, 2021

addressed the comments and pushed a new version

@rhatdan
Copy link
Member

rhatdan commented Mar 23, 2021

LGTM

@rhatdan rhatdan merged commit a1c0ef1 into containers:master Mar 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhatdan rhatdan rhatdan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@giuseppe @rhatdan