29c3f8becb
helper/seccomp: improve error handling
...
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m32s
Test / Fpkg (push) Successful in 3m18s
Test / Data race detector (push) Successful in 3m26s
Test / Flake checks (push) Successful in 47s
This passes both errno and libseccomp return value.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:52:48 +09:00
be16970e77
helper/seccomp: seccomp_load on negative fd
...
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m32s
Test / Fpkg (push) Successful in 3m23s
Test / Data race detector (push) Successful in 3m28s
Test / Flake checks (push) Successful in 50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:18:52 +09:00
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:34:15 +09:00
5b7b3fa9a4
helper/seccomp: implement reader interface via pipe
...
Test / Create distribution (push) Successful in 1m6s
Test / Run NixOS test (push) Successful in 2m44s
This also does not require the libc tmpfile call.
BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-03 19:43:03 +09:00
7b96cd6ded
helper/seccomp: do not call F_println if not verbose
...
Test / Create distribution (push) Successful in 1m42s
Test / Run NixOS test (push) Successful in 3m34s
This (slightly) improves performance.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 13:19:38 +09:00
163f15e93f
helper/seccomp: separate seccomp package
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:59:11 +09:00
