security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

internal/pkg: set container WaitDelay
All checks were successful
Test / Create distribution (push) Successful in 46s
Details
Test / Sandbox (push) Successful in 2m53s
Details
Test / ShareFS (push) Successful in 4m45s
Details
Test / Sandbox (race detector) (push) Successful in 5m18s
Details
Test / Hpkg (push) Successful in 5m19s
Details
Test / Hakurei (push) Successful in 5m29s
Details
Test / Hakurei (race detector) (push) Successful in 7m27s
Details
Test / Flake checks (push) Successful in 1m45s
Details

Browse Source 
This prevents a container from blocking forever after context is canceled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-01-08 06:23:57 +09:00
parent 38059db835
commit b3c30bcc51
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/pkg/exec.go
View File

@@ -8,6 +8,7 @@ import (
"runtime" "runtime"
"slices" "slices"
"syscall" "syscall"
"time"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check" "hakurei.app/container/check"
@@ -186,6 +187,11 @@ func (a *execArtifact) Cure(c *CureContext) (err error) {
return a.cure(c, false) return a.cure(c, false)
} }
const (
// execWaitDelay is passed through to [container.Params].
execWaitDelay = 15 * time.Second
)
// cure is like Cure but allows optional host net namespace. This is used for // cure is like Cure but allows optional host net namespace. This is used for
// the [KnownChecksum] variant where networking is allowed. // the [KnownChecksum] variant where networking is allowed.
func (a *execArtifact) cure(c *CureContext, hostNet bool) (err error) { func (a *execArtifact) cure(c *CureContext, hostNet bool) (err error) {
@@ -272,6 +278,7 @@ func (a *execArtifact) cure(c *CureContext, hostNet bool) (err error) {
z := container.New(ctx, a.msg) z := container.New(ctx, a.msg)
z.ForwardCancel = true z.ForwardCancel = true
z.WaitDelay = execWaitDelay
z.SeccompPresets |= std.PresetStrict z.SeccompPresets |= std.PresetStrict
z.ParentPerm = 0700 z.ParentPerm = 0700
z.HostNet = hostNet z.HostNet = hostNet