Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capability: use pr_CAP_AMBIENT_CLEAR_ALL to reduce pr_CAP_AMBIENT_LOWER syscall #164

Merged
merged 2 commits into from
Oct 10, 2024
Merged

capability: use pr_CAP_AMBIENT_CLEAR_ALL to reduce pr_CAP_AMBIENT_LOWER syscall #164

merged 2 commits into from
Oct 10, 2024

Conversation

lifubang
Copy link
Contributor

When we want to set ambient capability for current process/thread, we can clear it first, and set them later one by one.
We don't need to clear all supported but unused capabilities one by one.

Close #163

@lifubang lifubang force-pushed the ambient-clearall-first branch from 5f8565f to cc3a106 Compare September 27, 2024 16:10
@kolyshkin
Copy link
Collaborator

kolyshkin commented Sep 27, 2024
edited
Loading

This is definitely an improvement, thank you!

Can we have a test case added?

@lifubang lifubang force-pushed the ambient-clearall-first branch from cc3a106 to 6d5ac2a Compare September 28, 2024 15:25
@lifubang lifubang requested a review from kolyshkin September 28, 2024 15:27
@lifubang lifubang mentioned this pull request Sep 30, 2024
Closed
@lifubang lifubang force-pushed the ambient-clearall-first branch 2 times, most recently from d24b995 to 472a317 Compare October 1, 2024 01:13
kolyshkin
kolyshkin requested changes Oct 6, 2024
View reviewed changes
Copy link
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is moby/sys repo which contain a bunch of packages, can you please prepend each commit title with capability: prefix?

@lifubang lifubang force-pushed the ambient-clearall-first branch from 472a317 to 97c671e Compare October 7, 2024 01:44
kolyshkin
kolyshkin approved these changes Oct 10, 2024
View reviewed changes
Copy link
Collaborator

@kolyshkin kolyshkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kolyshkin kolyshkin changed the title use pr_CAP_AMBIENT_CLEAR_ALL to reduce pr_CAP_AMBIENT_LOWER syscall capability: use pr_CAP_AMBIENT_CLEAR_ALL to reduce pr_CAP_AMBIENT_LOWER syscall Oct 10, 2024
@kolyshkin kolyshkin merged commit da487b0 into moby:main Oct 10, 2024
19 checks passed
@lifubang lifubang deleted the ambient-clearall-first branch October 15, 2024 05:40
@kolyshkin kolyshkin mentioned this pull request Nov 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kolyshkin kolyshkin kolyshkin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

capability: reduce prctl syscall when setting ambient cap set
2 participants
@lifubang @kolyshkin