sandbox: add newfstatat & copy_file_range to allowed filesystem syscalls
#23179
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Closer, but now missing |
Added |
|
ACK 44d77d2 Tested that this does fix the test issues I was running into. |
newfstatat & copy_file_range to allowed filesystem syscalls
|
Code review ACK 44d77d2 |
Yes that's fine. |
|
Looks like it's not neccessary, GUIX build passes with those two PRs as-is. |
laanwj
reviewed
Oct 5, 2021
| allowed_syscalls.insert(__NR_statfs); // get filesystem statistics | ||
| allowed_syscalls.insert(__NR_statx); // get file status (extended) | ||
| allowed_syscalls.insert(__NR_unlink); // delete a name and possibly the file it refers to | ||
| allowed_syscalls.insert(__NR_access); // check user's permissions for a file |
There was a problem hiding this comment.
I think it creates somewhat of a merge hotspot to re-align these comments every time something is added/removed.
practicalswift
approved these changes
Oct 5, 2021
There was a problem hiding this comment.
cr ACK 44d77d2
Thanks for improving the experimental syscall sandbox! :)
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Oct 5, 2021
… allowed filesystem syscalls 44d77d2 sandbox: add copy_file_range to allowed filesystem syscalls (fanquake) ee08741 sandbox: add newfstatat to allowed filesystem syscalls (fanquake) Pull request description: Similar to bitcoin#23178, this is a follow up to bitcoin#20487, which has broken running the unit tests for some developers. Fix this by adding `newfstatat` to the list of allowed filesystem related calls. ACKs for top commit: achow101: ACK 44d77d2 laanwj: Code review ACK 44d77d2 practicalswift: cr ACK 44d77d2 Tree-SHA512: ce9d1b441ebf25bd2cf290566e05864223c1418dab315c962e1094ad877db5dd9fcab94ab98a46da8b712a8f5f46675d62ca3349215d8df46ec5b3c4d72dbaa6
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Similar to #23178, this is a follow up to #20487, which has broken running the unit tests for some developers. Fix this by adding
newfstatatto the list of allowed filesystem related calls.