Skip to content

Revert "libcontainer: seccomp: pass around *os.File for notifyfd"#4337

Merged
AkihiroSuda merged 2 commits into
opencontainers:mainfrom
AkihiroSuda:fix-4328
Jul 9, 2024
Merged

Revert "libcontainer: seccomp: pass around *os.File for notifyfd"#4337
AkihiroSuda merged 2 commits into
opencontainers:mainfrom
AkihiroSuda:fix-4328

Conversation

@AkihiroSuda
Copy link
Copy Markdown
Member

@AkihiroSuda AkihiroSuda commented Jul 3, 2024

Fix #4328

Commit 1: Revert "libcontainer: seccomp: pass around *os.File for notifyfd"

This reverts commit 20b95f2.

Conflicts:
libcontainer/init_linux.go

Commit 2: seccomp-notify.bats: add fcntl to the important syscall list

For:

@AkihiroSuda AkihiroSuda added this to the 1.2.0 milestone Jul 3, 2024
@AkihiroSuda
Revert "libcontainer: seccomp: pass around *os.File for notifyfd"
e784848 
This reverts commit 20b95f2.

> Conflicts:
>	libcontainer/init_linux.go

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda AkihiroSuda mentioned this pull request Jul 3, 2024
Closed
@AkihiroSuda AkihiroSuda requested a review from cyphar July 3, 2024 08:29
rata
rata reviewed Jul 3, 2024
View reviewed changes
Comment thread tests/integration/seccomp-notify.bats
@AkihiroSuda
seccomp-notify.bats: add fcntl to the important syscall list
a5e660c 
For issue 4328

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
kolyshkin
kolyshkin reviewed Jul 3, 2024
View reviewed changes
Comment thread tests/integration/seccomp-notify.bats
@AkihiroSuda AkihiroSuda requested review from kolyshkin and rata July 8, 2024 14:59
kolyshkin
kolyshkin approved these changes Jul 8, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cyphar PTAL

cyphar
cyphar approved these changes Jul 9, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Yeah it's unfortunate that we can't use *os.File -- I mainly included this change to eliminate the chance of us leaking the descriptor, but I guess in the seccompFd case this isn't such a huge deal...

@AkihiroSuda AkihiroSuda merged commit 3778ae6 into opencontainers:main Jul 9, 2024
@lifubang lifubang mentioned this pull request Aug 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cyphar cyphar cyphar approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

@rata rata Awaiting requested review from rata

Assignees

No one assigned

Labels

area/seccomp

Projects

None yet

Milestone

1.2.0

Development

Successfully merging this pull request may close these issues.

[v1.2 regression] SCMP_ACT_NOTIFY rule for fcntl causes runc to hang, before connecting to the seccomp listener agent

4 participants

@AkihiroSuda @rata @cyphar @kolyshkin