On linux, keep track of seccomp tracing properly. - kore - Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit a6677b873f2a521c1f03d54ce200b15ed7ca96ac
parent 1af0772ebe593567a0eeab0191064f2bc29c5d5f
Author: Joris Vink <joris@coders.se>
Date:   Tue,  7 Sep 2021 23:05:25 +0200

On linux, keep track of seccomp tracing properly.

With the new process startup code we must handle the SIGSTOP
from the processes if seccomp_tracing is enabled. Otherwise
they just hang indefinitely and we assume they failed to start,
which is somewhat true.

Diffstat:
src/worker.c  | 13 +++++++++++++

1 file changed, 13 insertions(+), 0 deletions(-)
diff --git a/src/worker.c b/src/worker.c
@@ -184,6 +184,9 @@ kore_worker_spawn(u_int16_t idx, u_int16_t id, u_int16_t cpu)
 {
 	int			cnt;
 	struct kore_worker	*kw;
+#if defined(__linux__)
+	int			status;
+#endif
 
 	kw = WORKER(idx);
 	kw->id = id;
@@ -227,6 +230,16 @@ kore_worker_spawn(u_int16_t idx, u_int16_t id, u_int16_t cpu)
 			if (kw->ready == 1)
 				break;
 			usleep(100000);
+#if defined(__linux__)
+			/*
+			 * If seccomp_tracing is enabled, make sure we
+			 * handle the SIGSTOP from the child processes.
+			 */
+			if (kore_seccomp_tracing) {
+				if (waitpid(kw->pid, &status, WNOHANG) > 0)
+					kore_seccomp_trace(kw->pid, status);
+			}
+#endif
 		}
 
 		if (kw->ready == 0) {

	kore Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
	Commits \| Files \| Refs \| README \| LICENSE \| git clone https://git.kore.io/kore.git