-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update nix to 0.27.1 #2369
update nix to 0.27.1 #2369
Conversation
6653a7a
to
4cd83b1
Compare
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #2369 +/- ##
==========================================
+ Coverage 65.98% 66.01% +0.02%
==========================================
Files 133 133
Lines 16814 16832 +18
==========================================
+ Hits 11095 11111 +16
- Misses 5719 5721 +2 |
Hey, thanks for the PR. I think there was someone else also assigned to this you should also ping them . |
I'll take a look at this PR tomorrow. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your first contribution, and congrats your first OSS contribution! Awesome.
I left some comments.
crates/libcontainer/src/channel.rs
Outdated
std::mem::forget(os_sender); | ||
std::mem::forget(os_receiver); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I use forget() because some functions in the nix library now return an OwnedFd. This helps avoid accidentally closing the file descriptor too soon by preventing its automatic drop. Maybe fully relying on OwnedFd to manage the fd's lifetime instead of manually calling close on RawFd is a better approach, but I think this could require quite a bit of code changes.
What should we do to support OwnedFd
? I feel it is too dangerous for low-level container runtime because we must take care of the security risk.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For Sender
and Receiver
, the problem is relatively easy. I noticed that Sender::close()
will closes the fd.
I don't have a solid plan for fully supporting OwnedFd
. I can only say that I've tried to make my PR as compatible as possible with the previous implementation that used rawfd
, and reuse the code that previously managed file descriptors.
The main difficulty right now is that if we changes entirely to OwnedFd
, the console_socket
in struct ContainerArgs
(crates/libcontainer/src/process/args.rs:20) won't satisfy the Clone trait
. Maybe need to introduce Rc<T>
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I avoid forget()
in this PR, or address it in a separate issue? I'd like to hear your opinion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I avoid forget() in this PR, or address it in a separate issue? I'd like to hear your opinion.
Thanks for your detailed investigation. This problem relates to the security issue. So I can't merge it before removing forget()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with this cautious decision. I have some ideas for removing forget()
, but it will take some time to implement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for understanding 🙏
but it will take some time to implement.
NP 👍 Let's give it a try!
fd | ||
} | ||
None => -1, | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens when it returns -1
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apparently, we can combine L90-L94 into L81-89. Is there a reason why you separate them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens when it returns
-1
?
It doesn't seem to make any difference compared to the past.
The previous setup_console_socket()
would return Ok(-1)
under certain conditions. Now, under the same conditions, it returns Ok(None)
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apparently, we can combine L90-L94 into L81-89. Is there a reason why you separate them?
There's nothing special. I can make the modification as you suggested.
@@ -164,12 +164,12 @@ fn clone(cb: CloneCb, flags: u64, exit_signal: Option<u64>) -> Result<Pid, Clone | |||
// do not use MAP_GROWSDOWN since it is not well supported. | |||
// Ref: https://man7.org/linux/man-pages/man2/mmap.2.html | |||
let child_stack = unsafe { | |||
mman::mmap( | |||
mman::mmap::<File>( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I ask you to write a comment that File
doesn't have any meaning because we won't use it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's related to the change in the function signature of nix::sys::mman::mmap()
. The current signature of the mmap()
function is:
pub unsafe fn mmap<F: AsFd>(
addr: Option<NonZeroUsize>,
length: NonZeroUsize,
prot: ProtFlags,
flags: MapFlags,
f: Option<F>,
offset: off_t) -> Result<*mut c_void>
If you remove ::<File>
, it will result in a compilation error:
type annotations needed; cannot infer type of the type parameter
F
declared on the functionmmap
Is there any other way to avoid the compilation error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understood it, but it's unclear to the reader of this code. May I ask you to write a comment about it?
let csocketfd = self.setup_tty_socket(&container_dir)?; | ||
let csocketfd = csocketfd.map(|sockfd| { | ||
let fd = sockfd.as_raw_fd(); | ||
forget(sockfd); | ||
fd | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let csocketfd = self.setup_tty_socket(&container_dir)?; | |
let csocketfd = csocketfd.map(|sockfd| { | |
let fd = sockfd.as_raw_fd(); | |
forget(sockfd); | |
fd | |
}); | |
let csocketfd = self.setup_tty_socket(&container_dir)?.map(|sockfd| { | |
let fd = sockfd.as_raw_fd(); | |
forget(sockfd); | |
fd | |
}); |
}, | ||
)?; | ||
// The spec requires the listener socket to be closed immediately after sending. | ||
let _ = unistd::close(socket); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why we can remove close()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think OwnedFd
will automatically call libc::close()
when it goes out of function body.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The spec requires the listener socket to be closed immediately after sending.
We need to close it as soon as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
L106 is the return statement, so sendmsg()
will be immediately followed by the drop of the socket.
However, considering that the spec emphasizes this point, I believe it's necessary to explicitly close the socket. I plan to call drop(socket)
on L105. Do you think that's okay?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it's necessary to explicitly close the socket. I plan to call drop(socket) on L105. Do you think that's okay?
I prefer it because there is a possibility that we might change the code around there.
@@ -47,14 +50,12 @@ pub fn recv_seccomp_listener(seccomp_listener: &Path) -> SeccompAgentResult { | |||
Ok(msg) => msg, | |||
Err(e) => { | |||
let _ = unistd::close(conn); | |||
let _ = unistd::close(socket); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can remove unisted::close
because OwnedFd
is automatically closed by Drop
, can't we?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a way to check if fd
is leaking?
I will take a look this week. |
@yihuaf Thanks for taking your time 🙏 I want you to review it, too. |
261e103
to
055f483
Compare
033a34f
to
c8ac6a7
Compare
Hi, I've resubmitted the new code, and I've removed all |
@anti-entropy123 May I ask you to resolve the conflict? 🙏 |
c8ac6a7
to
d816cd7
Compare
👌 Done. @utam0k |
@anti-entropy123 Thanks. Please tell me why we can't use |
Hi, thanks for your advice. Honestly, I didn't initially think of trying For example, in the Is my understanding correct? |
@anti-entropy123 I assume that |
@utam0k Indeed, you are right. So, do you think we shouldn't use Although you might already be aware, I'd like to mention that |
@anti-entropy123 I think Rc is one of a complex category. I would avoid using it if possible. |
I wish I had noticed that first. I'm sorry it took me so long to notice. |
@utam0k Okey, I will update the relevant code. |
Hey, I took a look at the changes and the conversation that is happening, and
@utam0k 👀 |
@anti-entropy123 Sorry for confusing you, but I agree with @YJDoc2 . We should take care of |
Signed-off-by: anti-entropy123 <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@anti-entropy123 May I ask you to create the issue to fully support OwnedFd
in another PR
let f1 = std::mem::ManuallyDrop::new(f1); | ||
let f2 = std::mem::ManuallyDrop::new(f2); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nits: Could you leave a comment on why we need to ManuallyDrop?
Signed-off-by: anti-entropy123 <[email protected]>
Signed-off-by: anti-entropy123 <[email protected]>
Signed-off-by: anti-entropy123 <[email protected]>
No problem. 👌 @utam0k |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, some minor comments, but nothing blocking. So if everything else is ok, we can go ahead and merge, and address these later
tests/rust-integration-tests/integration_test/src/tests/seccomp_notify/seccomp_agent.rs
Outdated
Show resolved
Hide resolved
tests/rust-integration-tests/integration_test/src/tests/seccomp_notify/seccomp_agent.rs
Show resolved
Hide resolved
tests/rust-integration-tests/integration_test/src/tests/seccomp_notify/seccomp_agent.rs
Show resolved
Hide resolved
Signed-off-by: anti-entropy123 <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
nits by utam0k have been implemented, so going ahead and merging this.
@anti-entropy123 thank you for following on this and implementing 🙏 Apologies for the back-and-forth that was done from our side, and you had to change the PR 😓 |
@YJDoc2 You're welcome, and I greatly appreciate your reviews and suggestions. I've learned a lot from them 👍. I'm looking forward to making more contributions to Youki ! By the way, I have a question. I noticed that there are many individual commits in the main branch after merging this PR. Why not use 'Squash and merge'? Or should I aim to keep the number of commits as small as possible? |
🙌
So there is no hard-and-fast rule regarding this. We usually try to keep the main branch clean, and keep the commits in PR, so we can refer back to specific commit in history if needed. However, if there are lots of commits, or many commits which are just fixing lints / minor changes, we ask dev to rebase and squash, or merge the PR in squash-and-merge fashion. For this particular PR, 5 commits are not too much, and even though there are couple of lint/comment fix commits, I felt that would be fine. Overall, if possible one should aim to keep number of commits small, so the main branch stays clean ; but if it is required to have large number of commits (eg step-wise changes, separating each in a commit would make review easier) then one can request on PR to sqash as well (or we'd do so when we merge). |
I'm currently working on issue #2317.
note: the following content is now outdated
In the code changes I've made, there are two things that might raise questions:
std::mem::forget()
.unsafe
functionOwnedFd::from_raw_fd()
.I use
forget()
because some functions in thenix
library now return anOwnedFd
. This helps avoid accidentally closing the file descriptor too soon by preventing its automatic drop. Maybe fully relying onOwnedFd
to manage the fd's lifetime instead of manually calling close on RawFd is a better approach, but I think this could require quite a bit of code changes.I also use
OwnedFd::from_raw_fd()
because of thenix
library. Thenix::sched::setns()
function now requires anFd: AsFd
as one of its parameters, and I couldn't find a better way to convert ani32
intoFd: AsFd
.Additionally, this is my first time contributing code to an open-source repository. If there are any important details I've missed, please let me know.