security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity
443 Commits 4 Branches 31 Tags 3.1 MiB
1e6a059668
Commit Graph

6 Commits

Author SHA1 Message Date
Ophestra
1e6a059668
helper/seccomp: benchmark exporter
All checks were successful
Test / Create distribution (push) Successful in 1m44s
Details
Test / Run NixOS test (push) Successful in 4m32s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
Ophestra
099da78af5
helper/seccomp: eliminate data race on pfd
All checks were successful
Test / Create distribution (push) Successful in 2m10s
Details
Test / Run NixOS test (push) Successful in 4m50s
Details 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
Ophestra
568d7758d5
helper/seccomp: panic on invalid closeWrite use
All checks were successful
Test / Create distribution (push) Successful in 1m46s
Details
Test / Run NixOS test (push) Successful in 4m39s
Details 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
Ophestra
5b7b3fa9a4
helper/seccomp: implement reader interface via pipe
All checks were successful
Test / Create distribution (push) Successful in 1m6s
Details
Test / Run NixOS test (push) Successful in 2m44s
Details 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
Ophestra
7b96cd6ded
helper/seccomp: do not call F_println if not verbose
All checks were successful
Test / Create distribution (push) Successful in 1m42s
Details
Test / Run NixOS test (push) Successful in 3m34s
Details 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
Ophestra
163f15e93f
helper/seccomp: separate seccomp package
All checks were successful
Test / Create distribution (push) Successful in 1m39s
Details
Test / Run NixOS test (push) Successful in 3m31s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00