The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3499

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Linux v5.8 will land my patch where seccomp notifies when a filter goes unused,
i.e. when the last task using a given seccomp filter has exited. This wasn't
possible before and so we accumulated file descriptors in the container's event
loop whenever we attached to the container.
I'm not sure whether the task exiting before we could handle its syscall should
cause us to report an error or not. For now, let's simply close the event loop
and not report an error.

Signed-off-by: Christian Brauner <[email protected]>
From b2acb9dce972ed52905903e325896b8a11b6799a Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Mon, 27 Jul 2020 10:12:16 +0200
Subject: [PATCH] seccomp: remove seccomp fd from event loop after task exited

Linux v5.8 will land my patch where seccomp notifies when a filter goes unused,
i.e. when the last task using a given seccomp filter has exited. This wasn't
possible before and so we accumulated file descriptors in the container's event
loop whenever we attached to the container.
I'm not sure whether the task exiting before we could handle its syscall should
cause us to report an error or not. For now, let's simply close the event loop
and not report an error.

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/seccomp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 66f9a70f22..55216bc0b6 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -1373,6 +1373,9 @@ int seccomp_notify_handler(int fd, uint32_t events, void 
*data,
        char *cookie = conf->seccomp.notifier.cookie;
        uint64_t req_id;
 
+       if (events & EPOLLHUP)
+               return log_trace(LXC_MAINLOOP_CLOSE, "Syscall supervisee 
already exited");
+
        memset(req, 0, sizeof(*req));
        ret = seccomp_notify_receive(fd, req);
        if (ret) {
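
Review bot: The new `if (events & EPOLLHUP)` check at the top of seccomp_notify_handler() returns LXC_MAINLOOP_CLOSE with no comment saying what that return does to `fd`, and the commit message is ambiguous on the same point: the subject says the seccomp fd is removed from the event loop, while the body says the event loop is closed. A short comment above the check, stating that the hangup is only reported from Linux v5.8 on and which side (this handler or the mainloop) closes `fd` on this path, would let a reader confirm that the descriptor accumulation described in the message is actually resolved. Also consider whether the early return should apply only when EPOLLIN is not set in `events`: as written, a notification that is readable together with the hangup is skipped before seccomp_notify_receive() is called. If that is intended because the supervisee is already gone, say so in the comment.
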
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
