mirrors/passt
1
0
Fork 0
mirror of https://passt.top/passt synced 2025-06-14 19:35:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

isolation: Clarify various self-isolation steps

Browse source 
We have a number of steps of self-isolation scattered across our code.
Improve function names and add comments to make it clearer what the self
isolation model is, what the steps do, and why they happen at the points
they happen.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2022-10-14 15:25:31 +11:00 committed by Stefano Brivio
parent 6909a8e339
commit 096e48669b
3 changed files with 86 additions and 13 deletions

8
passt.c
View file

@ -185,7 +185,7 @@ int main(int argc, char **argv)
arch_avx2_exec(argv);
drop_caps();
isolate_initial();
c.pasta_netns_fd = c.fd_tap = c.fd_tap_listen = -1;
@ -289,7 +289,7 @@ int main(int argc, char **argv)
}
}
if (sandbox(&c)) {
if (isolate_prefork(&c)) {
err("Failed to sandbox process, exiting\n");
exit(EXIT_FAILURE);
}
@ -299,9 +299,7 @@ int main(int argc, char **argv)
else
write_pidfile(pidfile_fd, getpid());
prctl(PR_SET_DUMPABLE, 0);
seccomp(&c);
isolate_postfork(&c);
timer_init(&c, &now);