Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

seccomp: Add support for SCMP_ACT_KILL_PROCESS #1044

Merged
merged 1 commit into from May 21, 2020
Merged

seccomp: Add support for SCMP_ACT_KILL_PROCESS #1044

merged 1 commit into from May 21, 2020

Conversation

pjbgf
Copy link
Contributor

@pjbgf pjbgf commented May 17, 2020

Adds support for SCMP_ACT_KILL_PROCESS, which allows users to kill the entire process when a syscall blocked by seccomp is called.

Signed-off-by: Paulo Gomes pjbgf@linux.com

@pjbgf
Add seccomp kill process
a9f1170 
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
giuseppe
giuseppe approved these changes May 18, 2020
View reviewed changes
Copy link
Member

@giuseppe giuseppe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tianon
Copy link
Member

tianon commented May 19, 2020
edited by caniszczyk

LGTM

Just to be clear, this was part of libseccomp version 2.4.0: seccomp/libseccomp@b2f15f3 -- so the note above this section ("A valid list of constants as of libseccomp v2.4.0 is shown below.") is still accurate. 👍

Approved with PullApprove

saschagrunert
saschagrunert approved these changes May 19, 2020
View reviewed changes
Copy link
Contributor

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, too

@cyphar
Copy link
Member

cyphar commented May 20, 2020
edited

LGTM.

@caniszczyk Looks like I'm not set up for PullApprove?

@mrunalp
Copy link
Contributor

mrunalp commented May 21, 2020
edited by caniszczyk

LGTM

Approved with PullApprove

@mrunalp mrunalp merged commit 44341cd into opencontainers:master May 21, 2020
@pjbgf pjbgf mentioned this pull request May 26, 2020
Open
kolyshkin added a commit to kolyshkin/runc that referenced this pull request May 4, 2022
@kolyshkin
libct/seccomp/config: add missing KillThread, KillProcess
e74fdeb 
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] opencontainers/runtime-spec#1044
[2] opencontainers/runtime-spec#1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f1
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin mentioned this pull request May 4, 2022
Closed
crazy-max pushed a commit to crazy-max/runc that referenced this pull request May 4, 2022
@kolyshkin @crazy-max
libct/seccomp/config: add missing KillThread, KillProcess
68427f3 
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] opencontainers/runtime-spec#1044
[2] opencontainers/runtime-spec#1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f1
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e74fdeb)
kolyshkin added a commit to kolyshkin/runc that referenced this pull request May 20, 2022
@kolyshkin
libct/seccomp/config: add missing KillThread, KillProcess
85460a8 
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] opencontainers/runtime-spec#1044
[2] opencontainers/runtime-spec#1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f1
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e74fdeb)
(cherry picked from commit 68427f3)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin added a commit to kolyshkin/runc that referenced this pull request May 20, 2022
@kolyshkin
libct/seccomp/config: add missing KillThread, KillProcess
d105e05 
OCI spec added SCMP_ACT_KILL_THREAD and SCMP_ACT_KILL_PROCESS almost two
years ago ([1], [2]), but runc support was half-finished [3].

Add these actions, and modify the test case to check them.

In addition, "runc features" now lists the new actions.

[1] opencontainers/runtime-spec#1044
[2] opencontainers/runtime-spec#1064
[3] https://github.com/opencontainers/runc/pulls/3204

Fixes: 4a4d4f1
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit e74fdeb)
(cherry picked from commit 68427f3)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@AkihiroSuda AkihiroSuda mentioned this pull request Jan 24, 2023
Merged
@AkihiroSuda AkihiroSuda added this to the v1.1.0 milestone Feb 1, 2023
@AkihiroSuda AkihiroSuda mentioned this pull request Jun 26, 2023
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giuseppe giuseppe giuseppe approved these changes

@saschagrunert saschagrunert saschagrunert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@pjbgf @tianon @cyphar @mrunalp @giuseppe @saschagrunert @AkihiroSuda