container: ptrace protection via Yama LSM
Some checks failed
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 43s
Test / Hakurei (push) Failing after 2m29s
Test / Hpkg (push) Successful in 3m32s
Test / Sandbox (race detector) (push) Successful in 4m21s
Test / Hakurei (race detector) (push) Successful in 5m3s
Test / Flake checks (push) Has been skipped
This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway.

Closes #4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
@@ -55,6 +55,11 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) {
|
||||
log.Fatal("this process must run as pid 1")
|
||||
}
|
||||
|
||||
if err := SetPtracer(0); err != nil {
|
||||
msg.Verbosef("cannot enable ptrace protection via Yama LSM: %v", err)
|
||||
// not fatal: this program has no additional privileges at initial program start
|
||||
}
|
||||
|
||||
var (
|
||||
params initParams
|
||||
closeSetup func() error
|
||||
|
||||
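Review bot: the error branch after SetPtracer(0) reports only through msg.Verbosef, so on a non-verbose run a failure to apply the Yama restriction leaves no trace and an operator cannot tell a protected init from an unprotected one. Since the failure is deliberately non-fatal, consider logging it once at the normal level, or exposing the outcome somewhere the test suite can assert on. The literal 0 also deserves a short comment or a named constant stating what it means to SetPtracer (presumably "no declared ptracer"), and the existing comment could note that the call is expected to fail on kernels where the Yama LSM is not enabled, which is the case the non-fatal handling is there for.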