main: Give a friendly message when we get a seccomp violation

If we receive SIGSYS and identify it as a seccomp violation then give
friendly instructions on how to debug further. We are unable to decode
the siginfo_t struct ourselves due to https://github.com/rust-lang/libc/issues/716

Fixes: #2139

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
Rob Bradford 2021-01-11 18:32:35 +00:00
parent d83c9a74f4
commit 39d080e0c1
3 changed files with 34 additions and 1 deletions

1
Cargo.lock generated

@ -226,6 +226,7 @@ dependencies = [
"option_parser", "option_parser",
"seccomp", "seccomp",
"serde_json", "serde_json",
"signal-hook",
"ssh2", "ssh2",
"tempdir", "tempdir",
"tempfile", "tempfile",


@ -23,11 +23,12 @@ log = { version = "0.4.13", features = ["std"] }
option_parser = { path = "option_parser" } option_parser = { path = "option_parser" }
seccomp = { git = "https://github.com/firecracker-microvm/firecracker", tag = "v0.22.0" } seccomp = { git = "https://github.com/firecracker-microvm/firecracker", tag = "v0.22.0" }
serde_json = "1.0.61" serde_json = "1.0.61"
signal-hook = "0.3.3"
thiserror = "1.0" thiserror = "1.0"
vmm = { path = "vmm" } vmm = { path = "vmm" }
vmm-sys-util = "0.7.0" vmm-sys-util = "0.7.0"
wait-timeout = "0.2.0"
vm-memory = "0.4.0" vm-memory = "0.4.0"
wait-timeout = "0.2.0"
[build-dependencies] [build-dependencies]
clap = { version = "2.33.3", features = ["wrap_help"] } clap = { version = "2.33.3", features = ["wrap_help"] }


@ -4,6 +4,7 @@
// //
extern crate anyhow; extern crate anyhow;
extern crate signal_hook;
extern crate vmm; extern crate vmm;
extern crate vmm_sys_util; extern crate vmm_sys_util;
@ -14,9 +15,14 @@ use clap::{App, Arg, ArgGroup, ArgMatches};
use libc::EFD_NONBLOCK; use libc::EFD_NONBLOCK;
use log::LevelFilter; use log::LevelFilter;
use seccomp::SeccompAction; use seccomp::SeccompAction;
use signal_hook::{
consts::SIGSYS,
iterator::{exfiltrator::WithRawSiginfo, SignalsInfo},
};
use std::env; use std::env;
use std::sync::mpsc::channel; use std::sync::mpsc::channel;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use std::thread;
use thiserror::Error; use thiserror::Error;
use vmm::config; use vmm::config;
use vmm_sys_util::eventfd::EventFd; use vmm_sys_util::eventfd::EventFd;
@ -355,6 +361,31 @@ fn start_vmm(cmd_arguments: ArgMatches, api_socket_path: &str) -> Result<(), Err
} else { } else {
SeccompAction::Trap SeccompAction::Trap
}; };
// See https://github.com/rust-lang/libc/issues/716 why we can't get the details from siginfo_t
if seccomp_action == SeccompAction::Trap {
thread::Builder::new()
.name("seccomp_signal_handler".to_string())
.spawn(move || {
for si in SignalsInfo::<WithRawSiginfo>::new(&[SIGSYS])
.unwrap()
.forever()
{
/* SYS_SECCOMP */
if si.si_code == 1 {
eprint!(
"\n==== seccomp violation ====\n\
Try running with `strace -ff` to identify the cause and open an issue: \
https://github.com/cloud-hypervisor/cloud-hypervisor/issues/new\n"
);
signal_hook::low_level::emulate_default_handler(SIGSYS).unwrap();
}
}
})
.unwrap();
}
let hypervisor = hypervisor::new().map_err(Error::CreateHypervisor)?; let hypervisor = hypervisor::new().map_err(Error::CreateHypervisor)?;
let vmm_thread = vmm::start_vmm_thread( let vmm_thread = vmm::start_vmm_thread(
env!("CARGO_PKG_VERSION").to_string(), env!("CARGO_PKG_VERSION").to_string(),
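Review bot: A SIGSYS whose `si_code` is not 1 is consumed by the new `SignalsInfo` loop and then dropped, because `signal_hook::low_level::emulate_default_handler(SIGSYS).unwrap();` sits inside the `if si.si_code == 1` branch. Once signal-hook owns the signal, the default terminate action presumably no longer runs on its own, so that path fails open. Moving the call below the `if`, with only the `eprint!` left conditional, makes every SIGSYS end the process as before. Termination for a real violation is also deferred to this helper thread, so the trapped thread appears to resume after the skipped syscall until the helper runs; a comment such as `// Trap is handled asynchronously: the offending thread keeps running until this thread re-raises the default action` would record that. The literal `1` would read better as `const SYS_SECCOMP: libc::c_int = 1;`; note that `start_vmm` begins and ends outside the hunk.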