feat(sandbox): add fd sandbox #857
Conversation
|
this was slightly more complex than expected because of
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #857 +/- ##
==========================================
- Coverage 71.86% 71.31% -0.56%
==========================================
Files 23 23
Lines 3064 3134 +70
==========================================
+ Hits 2202 2235 +33
- Misses 862 899 +37 ☔ View full report in Codecov by Sentry. |
n0toose
force-pushed
the
sandbox-fd
branch
2 times, most recently
from
bf3f183 to
2bbae9b
Compare
|
this definitely works with both temporary files and mapped ones (and mapped directories), but breaks with
|
|
works now
|
|
Have you also considered the special file descriptors (1,2 & 3) that are opened on the hypervisor per default? |
In my bruteforcing attempts to get this to work, I think I completely forgot about
|
|
I presume that I'll probably have to take note of |
|
All checks pass. This change should probably be manually tested on macOS too, just to be sure. I will leave the commit squashing for later. |
| @@ -171,8 +190,7 @@ pub fn write<B: VirtualizationBackend>( | |||
| ) | |||
| .unwrap(); | |||
|
|
|||
| if syswrite.fd == 1 { | |||
| // fd 0 is stdout | |||
| if syswrite.fd == 1 || syswrite.fd == 2 { | |||
There was a problem hiding this comment.
Not 1000% sure whether this is sane.
There was a problem hiding this comment.
Looks fine, at least until we have separate handling for stderr
src/hypercall.rs
Outdated
| pub fn close(sysclose: &mut CloseParams, file_map: &mut UhyveFileMap) { | ||
| if file_map.get_fd_presence(sysclose.fd.into_raw_fd()) { | ||
| unsafe { sysclose.ret = libc::close(sysclose.fd) } | ||
| if sysclose.ret >= 0 { |
There was a problem hiding this comment.
Is allowing close on the fds 0, 1, 2 violating isolation? Should we handle this in a different way?
There was a problem hiding this comment.
I found this comment: https://stackoverflow.com/a/4973065/6551168
So it might be ok for the kernel to close them, but as uhyve still needs them, I think ignoring this close is the way to go.
n0toose
force-pushed
the
sandbox-fd
branch
3 times, most recently
from
823ea51 to
5802165
Compare
This extends UhyveFileMap with a sandbox mapping file descriptors to maps, so as to prevent the opening of file descriptors that belong to Uhyve (or to that of other VMs, when Uhyve exposes such functionality to the user). There is no Linux equivalent of unlink that is capable of removing files using a file descriptor. We did not want to keep a file descriptor of an unlinked file available to the VM. Therefore, we used a BiMap that associate fds to guest paths and guest paths to fds (instead of a simple container containing fds).
If an unlink takes place while the file is open, this would make the subsequent close fail, as soon as the file object goes out of scope and gets dropped. We introduced a HashSet that temporarily caches such unlinked file descriptors.
|
caught a bug that occurs when unlinking a file and then subsequently dropping it - unlinked files present in the map will cause an error later, as we'd have already removed the fd during an unlink. this keeps it in a HashSet until it is actually dropped - this only happens if the file is already present in the fdmap map<>fd association |
No description provided.