Initial duplicate RulesetCreated implementation #38
Conversation
There was a problem hiding this comment.
Thanks Carl!
We should not create another RulesetCreated object but something like RulesetRef that would not allow modification of the original RulesetCreated object (i.e. no RulesetCreatedAttr implementation). The restrict_self method should be part of a new trait, implemented by RulesetCreated and RulesetRef.
There is currently no way to remove the write mode of the ruleset FD, but that would make sense to be able to drop this permission. I'll work on that on the kernel side, but we should probably not wait for this new kernel feature to land.
I think I hit all the areas you guys mentioned. This will be a breaking change since we moved the restrict_self to a trait that now has to be included as an import. This should likely go in a new dot release which may work nicely with the rest of the changes that are coming. |
There was a problem hiding this comment.
Can you please squash the commits that change the same code, especially those renaming variables in new code (e.g. Duplicate/NewRef)? This makes the review easier and also ease bisecting.
I'd like to keep the current commit message convention:
- short subject with a prefix
- 72-column formatted body
You need to add your Signed-off-by (see the failed DCO check).
All commits must pass the CI tests.
|
Can you please rebase on the main branch, squash into one commit, and fix the CI issues? |
int5-grey
force-pushed
the
duplicate_ruleset
branch
from
5cda437
to
768bf95
Compare
int5-grey
force-pushed
the
duplicate_ruleset
branch
from
768bf95
to
dc3fc68
Compare
int5-grey
force-pushed
the
duplicate_ruleset
branch
2 times, most recently
from
4fdbfee
to
18ce04d
Compare
int5-grey
force-pushed
the
duplicate_ruleset
branch
from
18ce04d
to
57a57eb
Compare
int5-grey
force-pushed
the
duplicate_ruleset
branch
from
57a57eb
to
498126a
Compare
This enables the sharing of a parent ruleset that can be passed to multiple processes/threads without the need to reconstruct the ruleset. Signed-off-by: Carl Petty <carlpetty@microsoft.com>
l0kod
force-pushed
the
duplicate_ruleset
branch
from
498126a
to
47d187b
Compare
|
I did some cosmetic changes but this looks good. Thanks! |
This is a simple extension to the RulesetCreated object to allow for the object to be duplicated to a potential down-level consumer that can apply the ruleset in another thread or process without consuming the initial Ruleset. This is helpful when you have builders that will want to contain a parent ruleset copy that can be applied multiple times to new forks/threads without the need to reconstruct the builder.
It doesn't override clone to do this as there is not a great pattern for handling errors if we take that approach and
fcntlcan fail for a variety of reasons.Tested on
Ubuntu 23.04 6.2.0-20-generic.