From 7296c0747fa69e6f20a507aafcb3e1a77ea0f430 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 28 Sep 2018 14:25:01 +0200 Subject: pkg/host: improve KMEMLEAK support Rewind kmemleak fd before reading it second time, otherwise we will read truncated reports. Auto-learn what leak reports we've already seen and ignore them in future. This is required because there are some false positives and some fire too frequently. So now we will hit each leak only once per manager run, but we still will try to reproduce them. --- pkg/ipc/ipcconfig/ipcconfig.go | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) (limited to 'pkg/ipc/ipcconfig') diff --git a/pkg/ipc/ipcconfig/ipcconfig.go b/pkg/ipc/ipcconfig/ipcconfig.go index 021978274..b94579102 100644 --- a/pkg/ipc/ipcconfig/ipcconfig.go +++ b/pkg/ipc/ipcconfig/ipcconfig.go @@ -33,18 +33,11 @@ func Default(target *prog.Target) (*ipc.Config, *ipc.ExecOpts, error) { if *flagDebug { c.Flags |= ipc.FlagDebug } - switch *flagSandbox { - case "none": - case "setuid": - c.Flags |= ipc.FlagSandboxSetuid - case "namespace": - c.Flags |= ipc.FlagSandboxNamespace - case "android_untrusted_app": - c.Flags |= ipc.FlagSandboxAndroidUntrustedApp - default: - return nil, nil, fmt.Errorf("flag sandbox must contain one of none/setuid/namespace/android_untrusted_app") + sandboxFlags, err := SandboxToFlags(*flagSandbox) + if err != nil { + return nil, nil, err } - + c.Flags |= sandboxFlags sysTarget := targets.Get(target.OS, target.Arch) if sysTarget.ExecutorUsesShmem { c.Flags |= ipc.FlagUseShmem @@ -65,3 +58,29 @@ func Default(target *prog.Target) (*ipc.Config, *ipc.ExecOpts, error) { return c, opts, nil } + +func SandboxToFlags(sandbox string) (ipc.EnvFlags, error) { + switch sandbox { + case "none": + return 0, nil + case "setuid": + return ipc.FlagSandboxSetuid, nil + case "namespace": + return ipc.FlagSandboxNamespace, nil + case "android_untrusted_app": + return ipc.FlagSandboxAndroidUntrustedApp, nil + default: + return 0, fmt.Errorf("sandbox must contain one of none/setuid/namespace/android_untrusted_app") + } +} + +func FlagsToSandbox(flags ipc.EnvFlags) string { + if flags&ipc.FlagSandboxSetuid != 0 { + return "setuid" + } else if flags&ipc.FlagSandboxNamespace != 0 { + return "namespace" + } else if flags&ipc.FlagSandboxAndroidUntrustedApp != 0 { + return "android_untrusted_app" + } + return "none" +} -- cgit mrf-deployment