-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial duplicate RulesetCreated implementation #38
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Carl!
We should not create another RulesetCreated
object but something like RulesetRef
that would not allow modification of the original RulesetCreated
object (i.e. no RulesetCreatedAttr
implementation). The restrict_self
method should be part of a new trait, implemented by RulesetCreated
and RulesetRef
.
There is currently no way to remove the write mode of the ruleset FD, but that would make sense to be able to drop this permission. I'll work on that on the kernel side, but we should probably not wait for this new kernel feature to land.
I think I hit all the areas you guys mentioned. This will be a breaking change since we moved the restrict_self to a trait that now has to be included as an import. This should likely go in a new dot release which may work nicely with the rest of the changes that are coming. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please squash the commits that change the same code, especially those renaming variables in new code (e.g. Duplicate/NewRef)? This makes the review easier and also ease bisecting.
I'd like to keep the current commit message convention:
- short subject with a prefix
- 72-column formatted body
You need to add your Signed-off-by (see the failed DCO check).
All commits must pass the CI tests.
Can you please rebase on the main branch, squash into one commit, and fix the CI issues? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix issues reported by the CI.
5cda437
to
768bf95
Compare
768bf95
to
dc3fc68
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As reported by the CI, you need to add a Signed-off-by tag in the commit message.
4fdbfee
to
18ce04d
Compare
18ce04d
to
57a57eb
Compare
57a57eb
to
498126a
Compare
This enables the sharing of a parent ruleset that can be passed to multiple processes/threads without the need to reconstruct the ruleset. Signed-off-by: Carl Petty <carlpetty@microsoft.com>
498126a
to
47d187b
Compare
I did some cosmetic changes but this looks good. Thanks! |
This is a simple extension to the RulesetCreated object to allow for the object to be duplicated to a potential down-level consumer that can apply the ruleset in another thread or process without consuming the initial Ruleset. This is helpful when you have builders that will want to contain a parent ruleset copy that can be applied multiple times to new forks/threads without the need to reconstruct the builder.
It doesn't override clone to do this as there is not a great pattern for handling errors if we take that approach and
fcntl
can fail for a variety of reasons.Tested on
Ubuntu 23.04 6.2.0-20-generic
.