Compare commits
No commits in common. "2dc61828f167346cfe833ffb809d1b12d4dce239" and "88995d214d11b987db20d1290fd7205b6f3c6d86" have entirely different histories.
2dc61828f1
...
88995d214d
@ -127,11 +127,8 @@ int main(void)
|
|||||||
We execute "cat()". The first call succeeds. In the second, we get an exception, because
|
We execute "cat()". The first call succeeds. In the second, we get an exception, because
|
||||||
the subprocess "cat()" was launched in violated the policy (missing "rpath" vow).
|
the subprocess "cat()" was launched in violated the policy (missing "rpath" vow).
|
||||||
|
|
||||||
Naturally, there is a performance overhead. Certain challenges remain, such as the fact
|
Naturally, there is a performance overhead. Certain challenges such pass-by-reference
|
||||||
that being executed in a subprocess, we operate on copies, so handling references
|
are yet to be solved.
|
||||||
is not something that has been given much thought. There is also the fact
|
|
||||||
that clone()ing from threads opens a can of worms. Hence, exile_launch()
|
|
||||||
is best avoided in multi-threaded contexts.
|
|
||||||
|
|
||||||
## Status
|
## Status
|
||||||
No release yet, experimental, API is unstable, builds will break on updates of this library.
|
No release yet, experimental, API is unstable, builds will break on updates of this library.
|
||||||
|
2
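--- a/exile.c
+++ b/exile.c
@@ -274,12 +274,10 @@ static struct syscall_vow_map exile_vow_map[] =
 {EXILE_SYS(sched_getattr), EXILE_SYSCALL_VOW_SCHED},
 {EXILE_SYS(renameat2), EXILE_SYSCALL_VOW_CPATH},
 {EXILE_SYS(getrandom), EXILE_SYSCALL_VOW_STDIO},
-{EXILE_SYS(memfd_create), EXILE_SYSCALL_VOW_STDIO},
 {EXILE_SYS(execveat), EXILE_SYSCALL_VOW_EXEC},
 {EXILE_SYS(mlock2), EXILE_SYSCALL_VOW_STDIO},
 {EXILE_SYS(copy_file_range), EXILE_SYSCALL_VOW_STDIO},
 {EXILE_SYS(statx), EXILE_SYSCALL_VOW_RPATH},
-{EXILE_SYS(rseq), EXILE_SYSCALL_VOW_THREAD},
 {EXILE_SYS(clone3), EXILE_SYSCALL_VOW_CLONE},
 {EXILE_SYS(close_range), EXILE_SYSCALL_VOW_STDIO},
 {EXILE_SYS(openat2), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH},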
@ -119,7 +119,7 @@ inline int do_clone(int (*clonefn)(void *), void *launcharg)
|
|||||||
}
|
}
|
||||||
|
|
||||||
template<typename T, typename U, typename ... Args>
|
template<typename T, typename U, typename ... Args>
|
||||||
typename std::enable_if_t<std::is_trivially_copyable_v<T> && !std::is_pointer_v<T>, T> exile_launch(struct exile_policy *policy, U fn, Args && ... args)
|
typename std::enable_if_t<std::is_trivially_copyable_v<T>, T> exile_launch(struct exile_policy *policy, U fn, Args && ... args)
|
||||||
{
|
{
|
||||||
size_t mapsize = sizeof(T);
|
size_t mapsize = sizeof(T);
|
||||||
T * sharedbuf = (T *) mmap(NULL, mapsize , PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
|
T * sharedbuf = (T *) mmap(NULL, mapsize , PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
|
||||||
@ -145,7 +145,7 @@ typename std::enable_if_t<std::is_trivially_copyable_v<T> && !std::is_pointer_v<
|
|||||||
|
|
||||||
|
|
||||||
template<typename T, typename U, typename ... Args>
|
template<typename T, typename U, typename ... Args>
|
||||||
typename std::enable_if_t<std::is_pointer_v<T> || (!std::is_trivially_copyable_v<T> && std::is_copy_constructible_v<T>), T>
|
typename std::enable_if_t<!std::is_trivially_copyable_v<T> && std::is_copy_constructible_v<T>, T>
|
||||||
exile_launch(struct exile_policy *policy, const std::function<size_t (const T &, char *, size_t)> &serializer, const std::function<T(const char *, size_t)> &deserializer, U fn, Args && ... args)
|
exile_launch(struct exile_policy *policy, const std::function<size_t (const T &, char *, size_t)> &serializer, const std::function<T(const char *, size_t)> &deserializer, U fn, Args && ... args)
|
||||||
{
|
{
|
||||||
size_t mapsize = EXILE_MMAP_SIZE;
|
size_t mapsize = EXILE_MMAP_SIZE;
|
||||||
|
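Review bot: With `!std::is_pointer_v<T>` dropped from the first overload's constraint, a pointer-typed `T` now takes the trivially-copyable path, where only `sizeof(T)` bytes (the pointer value itself) pass through the `MAP_SHARED` buffer. If `do_clone` runs `fn` in a separate address space (its flags are not shown in the hunk), that value refers to the child's memory and is dangling by the time the parent receives it. I would keep pointers out of this overload with `std::enable_if_t<std::is_trivially_copyable_v<T> && !std::is_pointer_v<T>, T>`, or fail at compile time with `static_assert(!std::is_pointer_v<T>, "exile_launch cannot return a pointer from the subprocess");`. The serializer overload in the second hunk no longer accepts pointer types either, so nothing on the new side routes them through explicit serialization. Both function bodies continue outside the hunks.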