config-linux.md: fix seccomp #706
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cyphar
reviewed
Mar 2, 2017
config-linux.md
Outdated
|
|
||
| Seccomp provides application sandboxing mechanism in the Linux kernel. | ||
| **`seccomp`** (object, OPTIONAL) provides application sandboxing mechanism in the Linux kernel. |
There was a problem hiding this comment.
I don't feel this is correct, mainly because "Seccomp" here is referring to the kernel feature not the object in the spec. One of the other "Seccomp" references should be changed.
There was a problem hiding this comment.
One of the other "Seccomp" references should be changed.
+1 to not changing this instance, but I don't think there is another reference which should be changed instead. I think the seccomp section is just missing a Markdown spec, so we need to add completely new language along the lines of:
* **`seccomp`** (object, OPTIONAL)
The following parameters can be specified to setup seccomp:
* **`defaultAction`** (string, REQUIRED) …something about what this means…
Runtimes MUST support at least the following values:
* `SCMP_ACT_KILL`
* `SCMP_ACT_TRAP`
…
…
zhouhao3
force-pushed
the
fix-seecomp
branch
3 times, most recently
from
a8ca515 to
d1cbe8c
Compare
zhouhao3
commented
Mar 10, 2017
config-linux.md
Outdated
| * **`args`** *(object, OPTIONAL)* - the specific syscall in seccomp. | ||
|
|
||
| * **`op`** *(string, REQUIRED)* - the operator for syscall arguments in seccomp. Implementations MUST support at least the following values: | ||
|
|
There was a problem hiding this comment.
Do not support further indentation here, what good way? In addition there are some fields, whether it is necessary to write all?
There was a problem hiding this comment.
Do not support further indentation here, what good way?
Markdown lists should be nested with four-space indents (see also #495). So you want something like:
* **`seccomp`** (object, OPTIONAL)
The following parameters can be specified to setup seccomp:
* **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp.
* **`architectures`** *(array, OPTIONAL)* - the architecture used for system calls.
Implementations MUST support at least the following values:
* `SCMP_ARCH_X86`
…
41714d0 to
1da3cd0
Compare
wking
reviewed
Mar 14, 2017
config-linux.md
Outdated
|
|
||
| The following parameters can be specified to setup seccomp: | ||
|
|
||
| * **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp. |
There was a problem hiding this comment.
I think this entry needs another line like:
Allowed values are the same as
sycalls[].action.
to give some guidance on the expected string values.
config-linux.md
Outdated
|
|
||
| * **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp. | ||
|
|
||
| * **`architectures`** *(array, OPTIONAL)* - the architecture used for system calls. |
There was a problem hiding this comment.
“array” → “array of strings”.
config-linux.md
Outdated
| * `SCMP_ARCH_PARISC` | ||
| * `SCMP_ARCH_PARISC64` | ||
|
|
||
| * **`syscalls`** *(object, REQUIRED)* - match a syscall in seccomp. |
There was a problem hiding this comment.
“object” → “array of objects”. And then a new line like:
Each entry has the following structure:
to match the precedent set here.
config-linux.md
Outdated
| * `SCMP_ACT_TRACE` | ||
| * `SCMP_ACT_ALLOW` | ||
|
|
||
| * **`args`** *(object, OPTIONAL)* - the specific syscall in seccomp. |
There was a problem hiding this comment.
“object” → “array of objects”. And then a new line like:
Each entry has the following structure:
Also, you list op, but it looks like you also need to document the index, value, and valueTwo properties.
zhouhao3
force-pushed
the
fix-seecomp
branch
3 times, most recently
from
9f8b0da to
549cf8f
Compare
|
LGTM |
wking
reviewed
Mar 16, 2017
config-linux.md
Outdated
|
|
||
| The following parameters can be specified to setup seccomp: | ||
|
|
||
| * **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp. Allowed values are the same as sycalls[].action. |
There was a problem hiding this comment.
Backticks around syscalls[].action (and fix the sycalls → syscalls typo). Also maybe split a new line at the sentence break.
hqhq
reviewed
Mar 20, 2017
config-linux.md
Outdated
|
|
||
| Each entry has the following structure: | ||
|
|
||
| * **`names`** *(array of strings, REQUIRED)* - the name of the syscall. |
hqhq
reviewed
Mar 20, 2017
config-linux.md
Outdated
|
|
||
| * **`value`** *(uint64, REQUIRED)* - the value for syscall arguments in seccomp. | ||
|
|
||
| * **`valueTow`** *(uint, REQUIRED)* - the value for syscall arguments in seccomp. |
hqhq
requested changes
Mar 20, 2017
config-linux.md
Outdated
| @@ -498,41 +498,69 @@ For more information about Seccomp, see [Seccomp][seccomp] kernel documentation. | |||
| The actions, architectures, and operators are strings that match the definitions in seccomp.h from [libseccomp][] and are translated to corresponding values. | |||
| A valid list of constants as of libseccomp v2.3.2 is shown below. | |||
There was a problem hiding this comment.
These two sentences should be moved to below sections and adapted accordingly.
config-linux.md
Outdated
| * **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp. Allowed values are the same as `syscalls[].action`. | ||
|
|
||
| * **`architectures`** *(array of strings, OPTIONAL)* - the architecture used for system calls. | ||
| Implementations MUST support at least the following values: |
There was a problem hiding this comment.
As said above, these values are copied from certain version of libseccomp, we should not use MUST here to force implementations use certain version of libseccomp.
hqhq
approved these changes
Mar 20, 2017
|
LGTM |
wking
reviewed
Mar 20, 2017
config-linux.md
Outdated
|
|
||
| * **`value`** *(uint64, REQUIRED)* - the value for syscall arguments in seccomp. | ||
|
|
||
| * **`valueTow`** *(uint64, REQUIRED)* - the value for syscall arguments in seccomp. |
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
|
@crosbymichael @hqhq PTAL |
|
LGTM |
1 similar comment
|
LGTM |
This was referenced Mar 27, 2017
wking
added a commit
to wking/opencontainer-runtime-spec
that referenced
this pull request
Apr 7, 2017
It used to have this, but the omitempty was dropped in 652323c (improve seccomp format to be more expressive, 2017-01-13, opencontainers#657). However, the docs that landed in 3ca5c6c (config-linux.md: fix seccomp, 2017-03-02, opencontainers#706) list the property as optional, and if it is optional, we can leave it unset instead of serializing an empty array. Signed-off-by: W. Trevor King <wking@tremily.us>
wking
added a commit
to wking/opencontainer-runtime-spec
that referenced
this pull request
Apr 12, 2017
Before this commit, linux.seccomp.sycalls was required, but we didn't require an entry in the array. That means '"syscalls": []' would be technically valid, and I'm pretty sure that's not what we want. If it makes sense to have a seccomp property that does not need syscalls entries, then syscalls should be optional (which is what this commit is doing). If it does not makes sense to have an empty/unset syscalls then it should be required and have a minimum length of one. Before 652323c (improve seccomp format to be more expressive, 2017-01-13, opencontainers#657), syscalls was omitempty (and therefore more optional-feeling, although there was no real Markdown spec for seccomp before 3ca5c6c, config-linux.md: fix seccomp, 2017-03-02, opencontainers#706, so it's hard to know). This commit has gone with OPTIONAL, because a seccomp config which only sets defaultAction seems potentially valid. Signed-off-by: W. Trevor King <wking@tremily.us>
wking
added a commit
to wking/opencontainer-runtime-spec
that referenced
this pull request
Apr 12, 2017
Before this commit, linux.seccomp.sycalls was required, but we didn't require an entry in the array. That means '"syscalls": []' would be technically valid, and I'm pretty sure that's not what we want. If it makes sense to have a seccomp property that does not need syscalls entries, then syscalls should be optional (which is what this commit is doing). If it does not makes sense to have an empty/unset syscalls then it should be required and have a minimum length of one. Before 652323c (improve seccomp format to be more expressive, 2017-01-13, opencontainers#657), syscalls was omitempty (and therefore more optional-feeling, although there was no real Markdown spec for seccomp before 3ca5c6c, config-linux.md: fix seccomp, 2017-03-02, opencontainers#706, so it's hard to know). This commit has gone with OPTIONAL, because a seccomp config which only sets defaultAction seems potentially valid. Also add the previously-missing 'required' property to the seccomp JSON Schema entry. Signed-off-by: W. Trevor King <wking@tremily.us>
wking
added a commit
to wking/opencontainer-runtime-spec
that referenced
this pull request
Apr 25, 2017
Before this commit, linux.seccomp.sycalls was required, but we didn't require an entry in the array. That means '"syscalls": []' would be technically valid, and I'm pretty sure that's not what we want. If it makes sense to have a seccomp property that does not need syscalls entries, then syscalls should be optional (which is what this commit is doing). If it does not makes sense to have an empty/unset syscalls then it should be required and have a minimum length of one. Before 652323c (improve seccomp format to be more expressive, 2017-01-13, opencontainers#657), syscalls was omitempty (and therefore more optional-feeling, although there was no real Markdown spec for seccomp before 3ca5c6c, config-linux.md: fix seccomp, 2017-03-02, opencontainers#706, so it's hard to know). This commit has gone with OPTIONAL, because a seccomp config which only sets defaultAction seems potentially valid. The SCMP_ACT_KILL example is prompted by: On Tue, Apr 25, 2017 at 01:32:26PM -0700, David Lyle wrote [1]: > Technically, OPTIONAL is the right value, but unless you specify the > default action for seccomp to be SCMP_ACT_ALLOW the result will be > an error at run time. > > I would suggest an additional clarification to this fact in > config-linux.md would be very helpful if marking syscall as > OPTIONAL. I've phrased the example more conservatively, because I'm not sure that SCMP_ACT_ALLOW is the only possible value to avoid an error. For example, perhaps a SCMP_ACT_TRACE default with an empty syscalls array would not die on the first syscall. The point of the example is to remind config authors that without a useful syscalls array, the default value is very important ;). Also add the previously-missing 'required' property to the seccomp JSON Schema entry. [1]: opencontainers#768 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
wking
added a commit
to wking/opencontainer-runtime-spec
that referenced
this pull request
Apr 25, 2017
Before this commit, linux.seccomp.sycalls was required, but we didn't require an entry in the array. That means '"syscalls": []' would be technically valid, and I'm pretty sure that's not what we want. If it makes sense to have a seccomp property that does not need syscalls entries, then syscalls should be optional (which is what this commit is doing). If it does not makes sense to have an empty/unset syscalls then it should be required and have a minimum length of one. Before 652323c (improve seccomp format to be more expressive, 2017-01-13, opencontainers#657), syscalls was omitempty (and therefore more optional-feeling, although there was no real Markdown spec for seccomp before 3ca5c6c, config-linux.md: fix seccomp, 2017-03-02, opencontainers#706, so it's hard to know). This commit has gone with OPTIONAL, because a seccomp config which only sets defaultAction seems potentially valid. The SCMP_ACT_KILL example is prompted by: On Tue, Apr 25, 2017 at 01:32:26PM -0700, David Lyle wrote [1]: > Technically, OPTIONAL is the right value, but unless you specify the > default action for seccomp to be SCMP_ACT_ALLOW the result will be > an error at run time. > > I would suggest an additional clarification to this fact in > config-linux.md would be very helpful if marking syscall as > OPTIONAL. I've phrased the example more conservatively, because I'm not sure that SCMP_ACT_ALLOW is the only possible value to avoid an error. For example, perhaps a SCMP_ACT_TRACE default with an empty syscalls array would not die on the first syscall. The point of the example is to remind config authors that without a useful syscalls array, the default value is very important ;). Also add the previously-missing 'required' property to the seccomp JSON Schema entry. [1]: opencontainers#768 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: zhouhao zhouhao@cn.fujitsu.com