Rename seccompiler binary, deprecate --basic parameter and add extra thread name validation #2628
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Once we upstream the seccompiler library to rust-vmm and use it from there, the seccompiler binary in Firecracker will need a different name, so that it doesn't create confusion. As such, we rename the seccompiler binary to seccompiler-bin now, so that we don't rename it later, avoiding a breaking change in naming. The seccompiler library keeps its name and it will be used, under the hood by the binary as well. Signed-off-by: alindima <[email protected]>
alindima
added
Status: Awaiting review
alindima
changed the title
alindima
changed the title
docs/seccompiler.md
Outdated
| interface, with a couple of helper functions, for deserializing and installing | ||
| the binary filters. | ||
| Besides the seccompiler-bin executable, seccompiler also exports a small | ||
| library interface, with a couple of helper functions, for deserializing and |
There was a problem hiding this comment.
seccompiler also exports a library interface, with helper functions for deserializing......
serban300
previously approved these changes
Jun 18, 2021
Signed-off-by: alindima <[email protected]>
Signed-off-by: alindima <[email protected]>
Signed-off-by: alindima <[email protected]>
The --basic parameter is only used to support Firecracker's deprecated --seccomp-level argument. It makes sense to deprecate it and remove it once --seccomp-level is removed from Firecracker. Signed-off-by: alindima <[email protected]>
Signed-off-by: alindima <[email protected]>
alindima
force-pushed
the
rename_seccompiler_bin
branch
from
7cdf03b to
ba6d19e
Compare
|
@serban300 @AlexandruCihodaru I addressed the nits, PTAL |
AlexandruCihodaru
approved these changes
Jun 22, 2021
serban300
approved these changes
Jun 23, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for This PR
Considering the proposal of upstreaming the seccompiler library to rust-vmm,
the seccompiler binary used by Firecracker will need a slightly different name, so that
it doesn't clash with the library name.
Also, since the only use of the
--basicflag of seccompiler-bin is to support Firecracker's--seccomp-level 1, which is deprecated, we are also deprecating the--basicflag.Duplicated thread names in the JSON filter were allowed, due to the fact that the JSON spec doesn't forbid this. For the seccomp use case, however, it can result in undefined behaviour.
Description of Changes
rename the seccompiler binary to seccompiler-bin
deprecate the seccompiler-bin
--basicflag. It now displays a runtime warning when used.add a custom deserializer for the Json file that errors if there are duplicate thread keys in the file. also added a regression test.
This functionality can be added in
rust-vmm.License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license.
PR Checklist
[Author TODO: Meet these criteria.][Reviewer TODO: Verify that these criteria are met. Request changes if not]git commit -s).unsafecode is properly documented.firecracker/swagger.yaml.CHANGELOG.md.