security/hakurei
security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 9 Wiki Activity

container/params: expose pipe deadline
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m21s
Details
Test / Hakurei (push) Successful in 3m12s
Details
Test / Sandbox (race detector) (push) Successful in 4m5s
Details
Test / Hpkg (push) Successful in 4m8s
Details
Test / Hakurei (race detector) (push) Successful in 4m54s
Details
Test / Flake checks (push) Successful in 1m20s
Details

Browse Source 
This allows more graceful handling of unresponsive process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-10-31 21:49:43 +09:00
parent 6a0ecced90
commit 8b9652fc72
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
4 changed files with 32 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
container/container.go
View File

@ -25,6 +25,9 @@ const (
// CancelSignal is the signal expected by container init on context cancel.
// A custom [Container.Cancel] function must eventually deliver this signal.
CancelSignal = SIGUSR2
// Timeout from setup pipe creation to when initParams is fully written.
initSetupTimeout = 5 * time.Second
)
type (
@ -228,7 +231,7 @@ func (p *Container) Start() error {
}
// place setup pipe before user supplied extra files, this is later restored by init
if fd, e, err := Setup(&p.cmd.ExtraFiles); err != nil {
if fd, e, err := Setup(time.Now().Add(initSetupTimeout), &p.cmd.ExtraFiles); err != nil {
return &StartError{true, "set up params stream", err, false, false}
} else {
p.setup = e
@ -324,15 +327,13 @@ func (p *Container) Serve() error {
p.SeccompRules = make([]seccomp.NativeRule, 0)
}
err := setup.Encode(
&initParams{
err := setup.Encode(&initParams{
p.Params,
Getuid(),
Getgid(),
len(p.ExtraFiles),
p.msg.IsVerbose(),
},
)
})
if err != nil {
p.cancel()
}

7
container/params.go
View File

@ -6,13 +6,18 @@ import (
"os"
"strconv"
"syscall"
"time"
)
// Setup appends the read end of a pipe for setup params transmission and returns its fd.
func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error) {
func Setup(deadline time.Time, extraFiles *[]*os.File) (int, *gob.Encoder, error) {
if r, w, err := os.Pipe(); err != nil {
return -1, nil, err
} else {
if err = w.SetDeadline(deadline); err != nil {
return -1, nil, err
}
fd := 3 + len(*extraFiles)
*extraFiles = append(*extraFiles, r)
return fd, gob.NewEncoder(w), nil

3
container/params_test.go
View File

@ -59,7 +59,8 @@ func TestSetupReceive(t *testing.T) {
encoderDone := make(chan error, 1)
extraFiles := make([]*os.File, 0, 1)
if fd, encoder, err := container.Setup(&extraFiles); err != nil {
deadline, _ := t.Deadline()
if fd, encoder, err := container.Setup(deadline, &extraFiles); err != nil {
t.Fatalf("Setup: error = %v", err)
} else if fd != 3 {
t.Fatalf("Setup: fd = %d, want 3", fd)

32
internal/outcome/process.go
View File

@ -20,8 +20,12 @@ import (
"hakurei.app/system"
)
// Duration to wait for shim to exit on top of container WaitDelay.
const shimWaitTimeout = 5 * time.Second
const (
// Duration to wait for shim to exit on top of container WaitDelay.
shimWaitTimeout = 5 * time.Second
// Timeout from setup pipe creation to when outcomeState is fully written.
shimSetupTimeout = 5 * time.Second
)
// mainState holds persistent state bound to outcome.main.
type mainState struct {
@ -214,7 +218,7 @@ func (k *outcome) main(msg message.Msg) {
hsuPath := internal.MustHsuPath()
// ms.beforeExit required beyond this point
ms := &mainState{Msg: msg, k: k}
ms := mainState{Msg: msg, k: k}
if err := k.sys.Commit(); err != nil {
ms.fatal("cannot commit system setup:", err)
@ -232,11 +236,12 @@ func (k *outcome) main(msg message.Msg) {
// shim runs in the same session as monitor; see shim.go for behaviour
ms.cmd.Cancel = func() error { return ms.cmd.Process.Signal(syscall.SIGCONT) }
var e *gob.Encoder
if fd, encoder, err := container.Setup(&ms.cmd.ExtraFiles); err != nil {
var outcomeStateEncoder *gob.Encoder
if fd, encoder, err := container.Setup(time.Now().Add(shimSetupTimeout), &ms.cmd.ExtraFiles); err != nil {
ms.fatal("cannot create shim setup pipe:", err)
panic("unreachable")
} else {
e = encoder
outcomeStateEncoder = encoder
ms.cmd.Env = []string{
// passed through to shim by hsu
shimEnv + "=" + strconv.Itoa(fd),
@ -262,24 +267,11 @@ func (k *outcome) main(msg message.Msg) {
go func() { ms.cmdWait <- ms.cmd.Wait(); cancel() }()
ms.Time = &startTime
// unfortunately the I/O here cannot be directly canceled;
// the cancellation path leads to fatal in this case so that is fine
select {
case err := <-func() (setupErr chan error) {
setupErr = make(chan error, 1)
go func() { setupErr <- e.Encode(k.state) }()
return
}():
if err != nil {
if err := outcomeStateEncoder.Encode(k.state); err != nil {
msg.Resume()
ms.fatal("cannot transmit shim config:", err)
}
case <-ctx.Done():
msg.Resume()
ms.fatal("shim context canceled:", newWithMessageError("shim setup canceled", ctx.Err()))
}
// shim accepted setup payload, create process state
if ok, err := ms.store.Do(k.state.identity.unwrap(), func(c store.Cursor) {
if err := c.Save(&hst.State{