Skip to content

Support SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV #3862

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Support SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV #3862

wants to merge 1 commit into from

Conversation

@utam0k
Copy link
Member

@utam0k utam0k commented May 11, 2023

Fix #3860

I didn't find a good way to test SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV 😭

@utam0k
Copy link
Member Author

utam0k commented May 11, 2023

crun: containers/crun#1008

@AkihiroSuda
Copy link
Member

AkihiroSuda commented May 11, 2023
edited
Loading

Could you remove:

runc/docs/spec-conformance.md

Line 16 in 6beb3c6

v1.1.0-rc.1 | `SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV` | TODO ([#3860](https://github.com/opencontainers/runc/issues/3860))

@AkihiroSuda AkihiroSuda added this to the 1.2.0 milestone May 11, 2023
@kolyshkin
Copy link
Contributor

kolyshkin commented May 11, 2023

I guess this needs to be

  • added to a released libseccomp version
  • added to libseccomp-golang

Once in, we can implement it in runc.

@AkihiroSuda AkihiroSuda modified the milestones: 1.2.0, 1.3.0 May 11, 2023
@utam0k
Copy link
Member Author

utam0k commented May 12, 2023

I guess this needs to be

  • added to a released libseccomp version
  • added to libseccomp-golang

Once in, we can implement it in runc.

I see. I will make this PR the draft PR once.

@utam0k utam0k marked this pull request as draft May 12, 2023 11:32
@kolyshkin
Copy link
Contributor

kolyshkin commented Jan 10, 2025
edited
Loading

A quick status update.

For libseccomp, it looks like support for SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV / SCMP_FLTATR_CTL_WAITKILL is added in seccomp/libseccomp#387 which has 2.6.0 milestone. Indeeed, the functionality is not in a released version as of time of writing this (Jan 2025).

So this PR have to wait for:

  • libseccomp 2.6.0 release
  • libseccomp-golang release which syncs features from libseccomp 2.6.0

@kolyshkin
Copy link
Contributor

kolyshkin commented Feb 7, 2025

  • libseccomp 2.6.0 release

This is now DONE!

  • libseccomp-golang release which syncs features from libseccomp 2.6.0

This is being done in seccomp/libseccomp-golang#114 (there will be more PRs, and eventually a ne release).

@kolyshkin kolyshkin mentioned this pull request Feb 7, 2025
Merged
@rata
Copy link
Member

rata commented Apr 8, 2025

Moving to 1.4 because this doesn't seem ready and it seems like a feature, that we shouldn't merge at this point for 1.3.

Don't hesitate to speak-up if you want this in 1.3 anyways.

@rata rata modified the milestones: 1.3.0, 1.4.0-rc.1 Apr 8, 2025
@kolyshkin
Copy link
Contributor

kolyshkin commented Apr 8, 2025

We still need libseccomp-golang release, which is more-or-less in review ATM

@cyphar cyphar modified the milestones: 1.4.0-rc.1, 1.5.0-rc.1 Aug 27, 2025
@AkihiroSuda
Copy link
Member

AkihiroSuda commented Sep 2, 2025

What is the current status?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/seccomp

Projects

None yet

Milestone

1.5.0-rc.1

Development

Successfully merging this pull request may close these issues.

Support SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV

5 participants

@utam0k @AkihiroSuda @kolyshkin @rata @cyphar