seccomp: add support for seccomp notify by giuseppe · Pull Request #190 · containers/conmon

giuseppe · 2020-07-27T14:31:18Z

add support for seccomp notify and add a basic support for emulating
mknod and mknodat. The handler implementation is likely going to
change, for now it is just a PoC to show how it would work.

Requires: containers/crun#438
Requires: libseccomp-2.5

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

lgtm-com · 2020-07-27T14:34:49Z

This pull request introduces 2 alerts when merging 0ed1348 into 3c396d4 - view on LGTM.com

new alerts:

2 for Local variable hides global variable

src/ctrl.c

giuseppe · 2020-08-27T07:02:39Z

@haircommander LGTY?

src/conn_sock.c

src/ctrl.c

src/seccomp_notify.c

haircommander · 2020-08-27T13:38:33Z

sorry, a couple of nits. I prefer it where a callee is defined below the caller. that allows the file to be read top down.

TomSweeneyRedHat · 2020-08-27T17:33:47Z

Other than @haircommander 's comments
LGTM

saschagrunert · 2020-08-27T18:15:41Z

@giuseppe please rebase to get the static build fixed.

Makefile

giuseppe · 2021-04-26T17:25:01Z

adapted to follow the OCI runtime specs, needs: https://github.com/giuseppe/libpod/tree/seccomp-notify

giuseppe · 2021-04-26T17:29:31Z

also needs: containers/crun#652

giuseppe · 2021-04-29T07:26:22Z

@haircommander @rhatdan adapted to follow the OCI specs

Makefile

src/conmon.c

rhatdan · 2021-05-06T10:48:53Z

@giuseppe needs a rebase.

giuseppe · 2021-05-17T19:09:34Z

I am not sure the CI failures are related to this PR

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

add support for seccomp notify and add a basic support for emulating mknod and mknodat. The handler implementation is likely going to change, for now it is just a PoC to show how it would work. Requires: containers/crun#438 Requires: libseccomp-2.5 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

giuseppe · 2021-06-01T16:25:56Z

kubernetes e2e is green as well

rhatdan · 2021-06-01T21:06:58Z

LGTM
@haircommander PTAL

haircommander · 2021-06-02T16:21:09Z

I would like to get #267 in and then we can merge this

giuseppe force-pushed the seccomp-notify branch from 0ed1348 to 51ea723 Compare July 27, 2020 14:45

giuseppe mentioned this pull request Jul 27, 2020

seccomp: support seccomp listener containers/crun#438

Merged

giuseppe marked this pull request as draft July 27, 2020 20:00

AkihiroSuda reviewed Jul 29, 2020

View reviewed changes

src/ctrl.c Outdated Show resolved Hide resolved

giuseppe force-pushed the seccomp-notify branch 10 times, most recently from 8b9239c to 14cfa57 Compare August 5, 2020 06:21

giuseppe force-pushed the seccomp-notify branch from 14cfa57 to 6777142 Compare August 25, 2020 07:31

giuseppe marked this pull request as ready for review August 25, 2020 07:31

giuseppe force-pushed the seccomp-notify branch 2 times, most recently from 389ea32 to 2b8da9d Compare August 25, 2020 07:48

haircommander reviewed Aug 27, 2020

View reviewed changes

src/conn_sock.c Outdated Show resolved Hide resolved

haircommander reviewed Aug 27, 2020

View reviewed changes

src/ctrl.c Outdated Show resolved Hide resolved

haircommander reviewed Aug 27, 2020

View reviewed changes

src/seccomp_notify.c Outdated Show resolved Hide resolved

giuseppe force-pushed the seccomp-notify branch from 2b8da9d to 4c0ac65 Compare August 28, 2020 07:29

rhafer reviewed Sep 3, 2020

View reviewed changes

Makefile Outdated Show resolved Hide resolved

giuseppe force-pushed the seccomp-notify branch 2 times, most recently from 47d6aa7 to 8dc536c Compare September 28, 2020 10:16

giuseppe force-pushed the seccomp-notify branch 2 times, most recently from e207e16 to e577f9f Compare April 26, 2021 16:58

giuseppe force-pushed the seccomp-notify branch from e577f9f to b82b6d7 Compare April 26, 2021 17:26

giuseppe force-pushed the seccomp-notify branch 4 times, most recently from 9e8f5c2 to d26cdcb Compare April 27, 2021 13:37

giuseppe marked this pull request as ready for review April 29, 2021 07:25

haircommander reviewed Apr 29, 2021

View reviewed changes

Makefile Outdated Show resolved Hide resolved

giuseppe force-pushed the seccomp-notify branch from d26cdcb to 9697d73 Compare April 29, 2021 16:00

haircommander reviewed Apr 29, 2021

View reviewed changes

src/conmon.c Show resolved Hide resolved

giuseppe force-pushed the seccomp-notify branch from 9697d73 to c6d19c6 Compare April 29, 2021 18:22

giuseppe force-pushed the seccomp-notify branch from c6d19c6 to 99a94bd Compare May 6, 2021 11:46

giuseppe force-pushed the seccomp-notify branch from 99a94bd to 181735a Compare May 17, 2021 15:43

giuseppe force-pushed the seccomp-notify branch from 181735a to 12b5cd1 Compare May 25, 2021 13:11

.cirrus.yml: raise the timeout to 60m

77dfb4b

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

giuseppe force-pushed the seccomp-notify branch from 12b5cd1 to f48ddb5 Compare June 1, 2021 14:51

giuseppe force-pushed the seccomp-notify branch from f48ddb5 to 106cad5 Compare June 1, 2021 15:36

rhatdan merged commit 75e067e into containers:master Jun 2, 2021

haircommander mentioned this pull request Jun 3, 2021

storage: succeed in DeleteContainer if container is unknown cri-o/cri-o#4966

Merged

saschagrunert mentioned this pull request Oct 18, 2021

Make libdl optional in meson definition #305

Merged

Conversation

giuseppe commented Jul 27, 2020

Uh oh!

lgtm-com bot commented Jul 27, 2020

Uh oh!

Uh oh!

giuseppe commented Aug 27, 2020

Uh oh!

Uh oh!

Uh oh!

Uh oh!

haircommander commented Aug 27, 2020

Uh oh!

TomSweeneyRedHat commented Aug 27, 2020

Uh oh!

saschagrunert commented Aug 27, 2020

Uh oh!

Uh oh!

giuseppe commented Apr 26, 2021

Uh oh!

giuseppe commented Apr 26, 2021

Uh oh!

giuseppe commented Apr 29, 2021

Uh oh!

Uh oh!

Uh oh!

rhatdan commented May 6, 2021

Uh oh!

giuseppe commented May 17, 2021

Uh oh!

giuseppe commented Jun 1, 2021

Uh oh!

rhatdan commented Jun 1, 2021

Uh oh!

haircommander commented Jun 2, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants