Allow users to remap FDs before container start #3013
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
Test harness additionally needed to support 1. tests that cannot run in parallel 2. tests that need to customise create arguments Signed-off-by: Aidan Hobson Sayers <[email protected]>
Signed-off-by: Aidan Hobson Sayers <[email protected]>
|
Hey, I have made this draft + added |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: this is not ready for merge (no tests, no exposure via cli, not signed off) but I've been carrying/using the branch for a while and thought I'd make a PR in case it's useful to anyone/see if there's any desire to get it into a mergeable state. It's built on top of #2892 and #2893 - to see the actual changes you'll want to look at aidanhs/youki@aphs-remap-fds~2...aidanhs:youki:aphs-remap-fds. The first commit improves FD discipline by passing fewer down to the intermediate process, the second implements remap fds.
The primary purpose of this PR is to allow programs that are not disciplined with their FDs to invoke containers and pass down FDs in a controlled way (i.e. without leaking any).
For example, if I have
let f = fs::File::open(...).unwrap()- let's say the FD is 25 (and may vary, depending on what other file operations I'm performing in the program/other threads). How do I pass this to my program?nsjailhas an argument for this (--pass-fd) but it's a lot harder if you want to use youki as a library:preserve_fds = 23as this will pass all file descriptors up to 25dupand useperserve_fds = 1because you don't know what's using fd 3 - you'd need to refactor the whole program to be disciplined about FD usage (which may not even be possible if threads are involved).preserve_fds- but now you have an extra process you need to communicate with and manage.remap_fdssolves this problem by acting as a more general--pass-fd:(25, 25)the fd will be unmarked as cloexec and passed down to the container(25, 3)the fd will be remapped by youki at the last moment, when it is safe to do so, and then passed downUnfortunately this will probably not work well in combination with seccomp - because remapping has to happen so late, seccomp enforcement will already be in place. There is a way to fix this that I have noted in the code, but I think it's quite difficult.