seccomp: skip supervisor for nested calls #119

Merged
Snaipe merged 1 commit into aristanetworks:main from Snaipe:fix/seccomp-nesting
Oct 29, 2025

@Snaipe Snaipe commented Oct 29, 2025

The old code returned a fake epoll fd as the supervisor fd to avoid refactoring the fd passing code, but it was just a hack.

This commit does things properly by allowing send_fd to accept -1 to signify "send no file descriptor". A matching recv_fd will in turn return -1.

This allows us to return -1 when the supervisor already exists somewhere up the chain and skip the nested supervisor loop if that's the case.

@Snaipe Snaipe merged commit 9ebea92 into aristanetworks:main Oct 29, 2025
2 of 3 checks passed