[lxc-devel] [lxd/master] seccomp: cause a default message to be sent

brauner on Github lxc-bot at linuxcontainers.org
Tue Jul 9 19:06:41 UTC 2019


-------------- next part --------------
From f21635180d20b70c64d95bf0df484f5c080e64b1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 9 Jul 2019 20:57:02 +0200
Subject: [PATCH] seccomp: cause a default message to be sent

If liblxc is sending us messages of an indeterminate size we have two
options:
1. trigger a default response and _close_ the connection
2. trigger a default connection and _keep_ the connection

Option 1. means that we keep hanging the container for 30s on each
request. If liblxc is sending us garbage or a message of unknown size.

Option 2. means we keep handling the requests and responding with a
dummy response without doing anything. This will cause liblxc to respond
with the default ENOSYS response to the kernel. The container will not
be stalled.

I think option 1. is better than option 2.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/seccomp.go | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/lxd/seccomp.go b/lxd/seccomp.go
index 63738515e3..5ec2d074db 100644
--- a/lxd/seccomp.go
+++ b/lxd/seccomp.go
@@ -535,7 +535,7 @@ func NewSeccompServer(d *Daemon, path string) (*SeccompServer, error) {
 					}
 
 					cleanup := func() {
-						c.Close()
+						s.InvalidHandler(c, int(unixFile.Fd()))
 						if fdMem >= 0 {
 							unix.Close(fdMem)
 						}
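Review bot: `cleanup` no longer closes `c` after this change, so the closure's name no longer describes what it does, and the connection's lifetime is now left entirely to the enclosing read loop, which starts before this hunk. A rename such as `rejectMsg := func() {` or a comment like `// keep the connection open: InvalidHandler makes liblxc fall back to its default response` would make the new intent visible at the call sites. The `c` argument handed to `InvalidHandler` is not read by the method added later in this patch, so either drop it or derive the fd from it rather than passing both.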
@@ -550,32 +550,32 @@ func NewSeccompServer(d *Daemon, path string) (*SeccompServer, error) {
 
 					if uint64(bytes) < uint64(C.SECCOMP_MSG_SIZE_MIN) {
 						logger.Debugf("Disconnected from seccomp socket after incomplete receive: pid=%v", ucred.pid)
-						cleanup()
-						return
+						go cleanup()
+						continue
 					}
 
 					if msg.__reserved != 0 {
 						logger.Debugf("Disconnected from seccomp socket after client sent non-zero reserved field: pid=%v", ucred.pid)
-						cleanup()
-						return
+						go cleanup()
+						continue
 					}
 
 					if msg.sizes.seccomp_notif != C.expected_sizes.seccomp_notif {
 						logger.Debugf("Disconnected from seccomp socket since client uses different seccomp_notif sizes: %d != %d, pid=%v", msg.sizes.seccomp_notif, C.expected_sizes.seccomp_notif, ucred.pid)
-						cleanup()
-						return
+						go cleanup()
+						continue
 					}
 
 					if msg.sizes.seccomp_notif_resp != C.expected_sizes.seccomp_notif_resp {
 						logger.Debugf("Disconnected from seccomp socket since client uses different seccomp_notif_resp sizes: %d != %d, pid=%v", msg.sizes.seccomp_notif_resp, C.expected_sizes.seccomp_notif_resp, ucred.pid)
-						cleanup()
-						return
+						go cleanup()
+						continue
 					}
 
 					if msg.sizes.seccomp_data != C.expected_sizes.seccomp_data {
 						logger.Debugf("Disconnected from seccomp socket since client uses different seccomp_data sizes: %d != %d, pid=%v", msg.sizes.seccomp_data, C.expected_sizes.seccomp_data, ucred.pid)
-						cleanup()
-						return
+						go cleanup()
+						continue
 					}
 
 					go s.Handler(c, int(unixFile.Fd()), ucred, fdMem, fdProc, iov, msg, req, resp, cookie)
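Review bot: The five `logger.Debugf` messages in this hunk still say "Disconnected from seccomp socket …" although the new code keeps the connection and `continue`s, so the log now misstates what happened; e.g. the first one could become `logger.Debugf("Rejected seccomp message after incomplete receive: pid=%v", ucred.pid)`, with the other four reworded the same way. With `continue` a peer that keeps sending malformed messages is never disconnected and every rejection spawns a `go cleanup()` goroutine; bounding the number of consecutive rejections before falling back to the old `return` path would keep a misbehaving client from tying up the loop indefinitely. The enclosing loop and the `ucred` variable are defined before this hunk.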
@@ -676,6 +676,13 @@ func doMknod(c container, dev types.Device, requestPID int) (error, int) {
 	return nil, 0
 }
 
+// InvalidHandler sends a dummy message to LXC. LXC will notice the short write
+// and send a default message to the kernel thereby avoiding a 30s hang.
+func (s *SeccompServer) InvalidHandler(c net.Conn, clientFd int) {
+	msghdr := C.struct_msghdr{}
+	C.sendmsg(C.int(clientFd), &msghdr, C.MSG_NOSIGNAL)
+}
+
 func (s *SeccompServer) Handler(c net.Conn, clientFd int, ucred *ucred,
 	fdMem int, fdProc int, iov *C.struct_iovec, msg *C.struct_seccomp_notify_proxy_msg,
 	req *C.struct_seccomp_notif, resp *C.struct_seccomp_notif_resp,
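Review bot: `InvalidHandler` discards the result of `C.sendmsg`, so a failed send (the peer may already be gone; `MSG_NOSIGNAL` only suppresses SIGPIPE, the error is still returned) goes unlogged and callers cannot tell whether liblxc was actually nudged; cgo returns errno as a second value, so `if ret, err := C.sendmsg(C.int(clientFd), &msghdr, C.MSG_NOSIGNAL); ret < 0 {` followed by `logger.Debugf("Failed to send default seccomp response: fd=%d, err=%v", clientFd, err)` covers it. The `c net.Conn` parameter is never used in the body. The `msghdr` carries no iov, so this is a zero-byte sendmsg; whether the peer observes that as a short read depends on the socket type, which is not visible here, so the doc comment should state that assumption, e.g. `// Assumes the proxy socket delivers a zero-length sendmsg as a short read on the LXC side.` The `Handler` signature that follows continues outside the hunk.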

