vmm: Propagate the SeccompAction value to the Vm struct constructor

This patch propagates the SeccompAction value from main to the
Vm struct constructor (i.e. Vm::new_from_memory_manager), so that we can
use it to construct the DeviceManager and CpuManager structs for
controlling the behavior of the seccomp filters for vcpu/virtio-device
worker threads.

Signed-off-by: Bo Chen <chen.bo@intel.com>
Bo Chen 2020-07-30 15:33:52 -07:00 committed by Sebastien Boeuf
parent 8e74637ebb
commit ff7ed8f628
2 changed files with 21 additions and 1 deletions


@ -229,13 +229,20 @@ pub fn start_vmm_thread(
// alternative is to run always with CAP_SYS_PTRACE but that is not a good idea.
let self_path = format!("/proc/{}/exe", std::process::id());
let vmm_path = std::fs::read_link(PathBuf::from(self_path)).map_err(Error::ExePathReadLink)?;
let vmm_seccomp_action = seccomp_action.clone();
let thread = thread::Builder::new()
.name("vmm".to_string())
.spawn(move || {
// Apply seccomp filter for VMM thread.
SeccompFilter::apply(vmm_seccomp_filter).map_err(Error::ApplySeccompFilter)?;
let mut vmm = Vmm::new(vmm_version.to_string(), api_event, vmm_path, hypervisor)?;
let mut vmm = Vmm::new(
vmm_version.to_string(),
api_event,
vmm_path,
vmm_seccomp_action,
hypervisor,
)?;
vmm.control_loop(Arc::new(api_receiver))
})
@ -256,6 +263,7 @@ pub struct Vmm {
vm: Option<Vm>,
vm_config: Option<Arc<Mutex<VmConfig>>>,
vmm_path: PathBuf,
seccomp_action: SeccompAction,
hypervisor: Arc<dyn hypervisor::Hypervisor>,
}
@ -264,6 +272,7 @@ impl Vmm {
vmm_version: String,
api_evt: EventFd,
vmm_path: PathBuf,
seccomp_action: SeccompAction,
hypervisor: Arc<dyn hypervisor::Hypervisor>,
) -> Result<Self> {
let mut epoll = EpollContext::new().map_err(Error::Epoll)?;
@ -295,6 +304,7 @@ impl Vmm {
vm: None,
vm_config: None,
vmm_path,
seccomp_action,
hypervisor,
})
}
@ -311,6 +321,7 @@ impl Vmm {
exit_evt,
reset_evt,
self.vmm_path.clone(),
&self.seccomp_action,
self.hypervisor.clone(),
)?;
self.vm = Some(vm);
@ -381,6 +392,7 @@ impl Vmm {
self.vmm_path.clone(),
source_url,
restore_cfg.prefault,
&self.seccomp_action,
self.hypervisor.clone(),
)?;
self.vm = Some(vm);
@ -430,6 +442,7 @@ impl Vmm {
exit_evt,
reset_evt,
self.vmm_path.clone(),
&self.seccomp_action,
self.hypervisor.clone(),
)?);
}
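Review bot: The new `seccomp_action` field on `Vmm` (second hunk of this file) is stored without any comment, and in the first hunk it sits next to `vmm_seccomp_filter`, which is the filter actually applied to the VMM thread; a reader has to infer from the commit message that the two are different things. A short field comment would settle it, e.g. `/// Seccomp policy handed down to the Vm so vcpu/virtio-device worker threads can build and apply their own filters; not the VMM thread's own filter.` The same clarification belongs on the `let vmm_seccomp_action = seccomp_action.clone();` line in the first hunk, since the clone exists only to move the value into the spawned closure. The bodies of `start_vmm_thread` and `Vmm::new` both continue outside these hunks.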


@ -45,6 +45,7 @@ use linux_loader::loader::elf::Error::InvalidElfMagicNumber;
#[cfg(target_arch = "x86_64")]
use linux_loader::loader::elf::PvhBootCapability::PvhEntryPresent;
use linux_loader::loader::KernelLoader;
use seccomp::SeccompAction;
use signal_hook::{iterator::Signals, SIGINT, SIGTERM, SIGWINCH};
use std::collections::HashMap;
use std::convert::TryInto;
@ -267,6 +268,7 @@ impl Vm {
exit_evt: EventFd,
reset_evt: EventFd,
vmm_path: PathBuf,
_seccomp_action: &SeccompAction,
hypervisor: Arc<dyn hypervisor::Hypervisor>,
_saved_clock: Option<hypervisor::ClockData>,
) -> Result<Self> {
@ -332,6 +334,7 @@ impl Vm {
exit_evt: EventFd,
reset_evt: EventFd,
vmm_path: PathBuf,
seccomp_action: &SeccompAction,
hypervisor: Arc<dyn hypervisor::Hypervisor>,
) -> Result<Self> {
#[cfg(target_arch = "x86_64")]
@ -365,6 +368,7 @@ impl Vm {
exit_evt,
reset_evt,
vmm_path,
seccomp_action,
hypervisor,
None,
)?;
@ -381,6 +385,7 @@ impl Vm {
Ok(new_vm)
}
#[allow(clippy::too_many_arguments)]
pub fn new_from_snapshot(
snapshot: &Snapshot,
exit_evt: EventFd,
@ -388,6 +393,7 @@ impl Vm {
vmm_path: PathBuf,
source_url: &str,
prefault: bool,
seccomp_action: &SeccompAction,
hypervisor: Arc<dyn hypervisor::Hypervisor>,
) -> Result<Self> {
#[cfg(target_arch = "x86_64")]
@ -422,6 +428,7 @@ impl Vm {
exit_evt,
reset_evt,
vmm_path,
seccomp_action,
hypervisor,
#[cfg(target_arch = "x86_64")]
vm_snapshot.clock,
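Review bot: `Vm::new` takes the new `_seccomp_action: &SeccompAction` parameter (hunk at -267) but the underscore prefix shows nothing in the constructor consumes it yet, so at this commit the action is threaded all the way from `main` without affecting any filter. That is consistent with the commit message, but a reader of `Vm::new` alone cannot tell whether the seccomp policy for vcpu and virtio-device threads is already in force; a comment on the parameter such as `// Not consumed yet: to be passed to DeviceManager/CpuManager so their worker threads can apply seccomp filters.` would make the intermediate state explicit. The bodies of `Vm::new`, `new_from_memory_manager` and `new_from_snapshot` all continue outside the visible hunks.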