Use Linux's unshare(2) abilities to further limit what compilers can do #439
Conversation
It's the same principle as containers. We limit: - CLONE_NEWIPC (SysV IPC): accessing IPC in the system - CLONE_NEWNET (networking): network access (only loopback allowed) - CLONE_NEWNS (mount namespace): complements chroot - CLONE_NEWPID (PIDs): no ptrace(2) or kill(2) any other processes - CLONE_NEWUSER (users): no other processes share UID - CLONE_NEWUTS (UTS) As a side-effect of CLONE_NEWPID, when run, the compiler will see itself as PID 1.
|
Can't reproduce the failure on my openSUSE Tumbleweed. |
|
ping. Please advise what to do. |
|
I can reproduce that on openSUSE 15.0/1 . Both Clang and GCC get stuck in read(), presumably trying to read stdin data that never comes, because the local cpp has failed. I don't understand that, because stdin should get EOF, and the flag that triggers this is CLONE_NEWPID. |
|
I'd like to have this (ideally on more than linux), but the hang is concerning. I added help wanted, it is probably a hard task to figure out why the hang happens on some system. If we can figure out why it hangs in some cases we can figure out what to do. |
|
On thing that comes to mind is perhaps old versions are buggy. If we can figure out where the bug was fixed we can disable this. If the bug is old enough we can document those systems as unsupported. It is worth rebasing with the latest where we have different CI systems. |
|
I'm going to take a look at this in the coming couple of weeks and see if I can figure out what's going on here. |
It's the same principle as containers. We limit:
As a side-effect of CLONE_NEWPID, when run, the compiler will see itself
as PID 1.