Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MacOS socket audit token #2529

Merged
merged 5 commits into from
Oct 30, 2024
Merged

Conversation

PaulDance
Copy link
Contributor

@PaulDance PaulDance commented Oct 30, 2024

What does this PR do

This adds a new API for getsockopt around libc::LOCAL_PEERTOKEN following rust-lang/libc#3929. The return type definition is the low-level audit_token_t as defined in osfmk/mach/message.h and taken from endpoint-sec-sys. A small test was added for it.

Checklist:

  • I have read CONTRIBUTING.md
  • I have written necessary tests and rustdoc comments
  • A change log has been added if this PR modifies nix's API

So the LOCAL_PEERTOKEN it adds may be guaranteed to be available.

Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
@PaulDance PaulDance changed the title Macos socket token MacOS socket audit token Oct 30, 2024
…d of 0

Should be more readable.

Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
audit_token_t is taken from endpoint-sec-sys.

Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
Signed-off-by: Paul Mabileau <paul.mabileau@harfanglab.fr>
@PaulDance PaulDance marked this pull request as ready for review October 30, 2024 12:40
Copy link
Member

@SteveLauC SteveLauC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation looks good, thanks for the patch!

src/sys/socket/sockopt.rs Show resolved Hide resolved
@SteveLauC
Copy link
Member

but does not seem to be run at all for some reason?

Emm, from the CI log, both amd64 and aarch64 CIs have this test executed 🤔

@PaulDance
Copy link
Contributor Author

Hey, thanks for the super quick reply!

Emm, from the CI log, both amd64 and aarch64 CIs have this test executed 🤔

Yes, I double-checked and they actually do run! I initially pushed just to see the result of the CI run before launching my whole macOS machinery (I don't work from one) and fixing any upcoming issue, but when I saw that every test job was green on the first attempt, I was immediately doubtful and when searching with my browser's search, I couldn't find the test name in the logs, but that was just due to GitHub's auto load and unload of logs, so the integrated search is really the source of truth here 😅

Anyway, if everything is good for you, then it is for me too!

@SteveLauC SteveLauC added this pull request to the merge queue Oct 30, 2024
Merged via the queue into nix-rust:master with commit a41a1f0 Oct 30, 2024
39 checks passed
@PaulDance PaulDance deleted the macos-socket-token branch October 30, 2024 15:08
@PaulDance
Copy link
Contributor Author

Super cool, thanks a bunch!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants