Comparer les révisions

...

3 Révisions

3 fichiers modifiés avec 9 ajouts et 4 suppressions

Voir le fichier

@ -127,8 +127,11 @@ int main(void)
We execute "cat()". The first call succeeds. In the second, we get an exception, because We execute "cat()". The first call succeeds. In the second, we get an exception, because
the subprocess "cat()" was launched in violated the policy (missing "rpath" vow). the subprocess "cat()" was launched in violated the policy (missing "rpath" vow).
Naturally, there is a performance overhead. Certain challenges such pass-by-reference Naturally, there is a performance overhead. Certain challenges remain, such as the fact
are yet to be solved. that being executed in a subprocess, we operate on copies, so handling references
is not something that has been given much thought. There is also the fact
that clone()ing from threads opens a can of worms. Hence, exile_launch()
is best avoided in multi-threaded contexts.
## Status ## Status
No release yet, experimental, API is unstable, builds will break on updates of this library. No release yet, experimental, API is unstable, builds will break on updates of this library.

Voir le fichier

@ -274,10 +274,12 @@ static struct syscall_vow_map exile_vow_map[] =
{EXILE_SYS(sched_getattr), EXILE_SYSCALL_VOW_SCHED}, {EXILE_SYS(sched_getattr), EXILE_SYSCALL_VOW_SCHED},
{EXILE_SYS(renameat2), EXILE_SYSCALL_VOW_CPATH}, {EXILE_SYS(renameat2), EXILE_SYSCALL_VOW_CPATH},
{EXILE_SYS(getrandom), EXILE_SYSCALL_VOW_STDIO}, {EXILE_SYS(getrandom), EXILE_SYSCALL_VOW_STDIO},
{EXILE_SYS(memfd_create), EXILE_SYSCALL_VOW_STDIO},
{EXILE_SYS(execveat), EXILE_SYSCALL_VOW_EXEC}, {EXILE_SYS(execveat), EXILE_SYSCALL_VOW_EXEC},
{EXILE_SYS(mlock2), EXILE_SYSCALL_VOW_STDIO}, {EXILE_SYS(mlock2), EXILE_SYSCALL_VOW_STDIO},
{EXILE_SYS(copy_file_range), EXILE_SYSCALL_VOW_STDIO}, {EXILE_SYS(copy_file_range), EXILE_SYSCALL_VOW_STDIO},
{EXILE_SYS(statx), EXILE_SYSCALL_VOW_RPATH}, {EXILE_SYS(statx), EXILE_SYSCALL_VOW_RPATH},
{EXILE_SYS(rseq), EXILE_SYSCALL_VOW_THREAD},
{EXILE_SYS(clone3), EXILE_SYSCALL_VOW_CLONE}, {EXILE_SYS(clone3), EXILE_SYSCALL_VOW_CLONE},
{EXILE_SYS(close_range), EXILE_SYSCALL_VOW_STDIO}, {EXILE_SYS(close_range), EXILE_SYSCALL_VOW_STDIO},
{EXILE_SYS(openat2), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH}, {EXILE_SYS(openat2), EXILE_SYSCALL_VOW_RPATH|EXILE_SYSCALL_VOW_WPATH},

Voir le fichier

@ -119,7 +119,7 @@ inline int do_clone(int (*clonefn)(void *), void *launcharg)
} }
template<typename T, typename U, typename ... Args> template<typename T, typename U, typename ... Args>
typename std::enable_if_t<std::is_trivially_copyable_v<T>, T> exile_launch(struct exile_policy *policy, U fn, Args && ... args) typename std::enable_if_t<std::is_trivially_copyable_v<T> && !std::is_pointer_v<T>, T> exile_launch(struct exile_policy *policy, U fn, Args && ... args)
{ {
size_t mapsize = sizeof(T); size_t mapsize = sizeof(T);
T * sharedbuf = (T *) mmap(NULL, mapsize , PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0); T * sharedbuf = (T *) mmap(NULL, mapsize , PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
@ -145,7 +145,7 @@ typename std::enable_if_t<std::is_trivially_copyable_v<T>, T> exile_launch(struc
template<typename T, typename U, typename ... Args> template<typename T, typename U, typename ... Args>
typename std::enable_if_t<!std::is_trivially_copyable_v<T> && std::is_copy_constructible_v<T>, T> typename std::enable_if_t<std::is_pointer_v<T> || (!std::is_trivially_copyable_v<T> && std::is_copy_constructible_v<T>), T>
exile_launch(struct exile_policy *policy, const std::function<size_t (const T &, char *, size_t)> &serializer, const std::function<T(const char *, size_t)> &deserializer, U fn, Args && ... args) exile_launch(struct exile_policy *policy, const std::function<size_t (const T &, char *, size_t)> &serializer, const std::function<T(const char *, size_t)> &deserializer, U fn, Args && ... args)
{ {
size_t mapsize = EXILE_MMAP_SIZE; size_t mapsize = EXILE_MMAP_SIZE;