PVF: Add Secure Validator Mode #2486

Merged
merged 28 commits into from
Dec 5, 2023
Changes from 1 commit
Commits
4cb5913
PVF: Add Secure Validator Mode
mrcnski Nov 21, 2023
c3d512c
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Nov 21, 2023
f44ca5f
Minor fix
mrcnski Nov 21, 2023
bd80771
Properly handle missing security features worker-side; big refactor
mrcnski Nov 22, 2023
69c117f
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Nov 23, 2023
cb91ed1
Make only one FS security feature required
mrcnski Nov 24, 2023
61b80d8
Refactor secure mode code a bit
mrcnski Nov 24, 2023
ba03492
Fix check_seccomp and check_landlock errs not being logged to stderr
mrcnski Nov 24, 2023
0ce35ab
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Nov 24, 2023
ec9bd4b
Fix unshare error (cannot run in multithreaded context)
mrcnski Nov 24, 2023
090d2d9
Update some comments
mrcnski Nov 24, 2023
dc7961d
Some fixes
mrcnski Nov 24, 2023
8a72556
Fix bench
mrcnski Nov 24, 2023
a4d173c
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Nov 26, 2023
6520dd8
fix CI
mrcnski Nov 26, 2023
f5f11bd
Remove old TODO
mrcnski Nov 27, 2023
3aa8bd4
Merge remote-tracking branch 'origin/mrcnski/pvf-add-secure-validator…
mrcnski Nov 28, 2023
da7127c
Address some review comments
mrcnski Nov 29, 2023
13f5e92
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Nov 29, 2023
26ca19c
Update doc
mrcnski Nov 29, 2023
fccc36a
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Dec 1, 2023
0ffa527
Fix rustdoc warning
mrcnski Dec 1, 2023
8fa147f
bump zombienet version
pepoviola Dec 1, 2023
f1b3539
Baby's first prdoc
mrcnski Dec 1, 2023
5509b31
Zombienet, add script to update cmd and fix upgrade-node test
pepoviola Dec 4, 2023
2209855
bump zombienet version
pepoviola Dec 4, 2023
0469f56
Merge branch 'master' into mrcnski/pvf-add-secure-validator-mode
mrcnski Dec 5, 2023
27b45a0
Fix prdoc 😢
mrcnski Dec 5, 2023
21 changes: 14 additions & 7 deletions polkadot/node/core/pvf/tests/it/main.rs
Expand Up @@ -417,19 +417,26 @@ async fn prepare_can_run_serially() {
#[tokio::test]
async fn all_security_features_work() {
// Landlock is only available starting Linux 5.13, and we may be testing on an old kernel.
let sysinfo = sc_sysinfo::gather_sysinfo();
// The version will look something like "5.15.0-87-generic".
let version = sysinfo.linux_kernel.unwrap();
let version_split: Vec<&str> = version.split(".").collect();
let major: u32 = version_split[0].parse().unwrap();
let minor: u32 = version_split[1].parse().unwrap();
let can_enable_landlock = if major >= 6 { true } else { minor >= 13 };
let can_enable_landlock = {
let sysinfo = sc_sysinfo::gather_sysinfo();
// The version will look something like "5.15.0-87-generic".
let version = sysinfo.linux_kernel.unwrap();
let version_split: Vec<&str> = version.split(".").collect();
let major: u32 = version_split[0].parse().unwrap();
let minor: u32 = version_split[1].parse().unwrap();
if major >= 6 {
true
} else {
minor >= 13
}
mrcnski marked this conversation as resolved.
};

let host = TestHost::new().await;

assert_eq!(
host.security_status().await,
SecurityStatus {
secure_validator_mode: false,
can_enable_landlock,
can_enable_seccomp: true,
can_unshare_user_namespace_and_change_root: true,
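Review bot: The version check inside the `can_enable_landlock` block only looks at `minor` when `major < 6`, so a 4.x kernel such as 4.19 evaluates `minor >= 13` as true and the test then expects Landlock to be available, even though the comment above says it needs Linux 5.13. Comparing the pair, for example `(major, minor) >= (5, 13)`, handles every major version correctly. The `unwrap()` on `sysinfo.linux_kernel` and the `version_split[1]` index will also panic without context if the version string is missing or has an unexpected shape; an `expect` with a short message would make that kind of test failure easier to diagnose.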