diff options
Diffstat (limited to 'psx')
| -rw-r--r-- | psx/README | 30 | ||||
| -rw-r--r-- | psx/psx.c | 17 | ||||
| -rw-r--r-- | psx/psx.go | 2 |
3 files changed, 30 insertions, 19 deletions
@@ -1,20 +1,28 @@ -Package psx provides a CGo backed API for invoking system calls in a -way that each system call is mirrored on all pthreads of the combined -Go/CGo runtime. Since the Go runtime treats all pthreads as -interchangeable, a feature like this is needed to meaningfully change -process privilege (including dropping privilege) in a Go program -running on Linux. This package is required by: +Package "psx" provides an API for invoking system calls in a way that +each system call is mirrored on all OS threads of the combined Go/CGo +runtime. Since the Go runtime treats OS threads as interchangeable, a +feature like this is needed to meaningfully change process privilege +(including dropping privilege) in a Go program running on Linux. This +package is required by: "kernel.org/pub/linux/libs/security/libcap/cap" -The functionality is implemented by a C library: libpsx, which is -distributed with the libcap. The official release announcement site -for libcap and libpsx is: +When compiled CGO_ENABLED=0, the functionality requires go1.16+ to +build. That release of Go introduced syscall.AllThreadsSyscall*() +APIs. When compiled this way, the "psx" package functions +psx.Syscall3() and psx.Syscall6() are aliased to +syscall.AllThreadsSyscall() and syscall.AllThreadsSyscall6() +respectively. + +When compiled CGO_ENABLED=1, the functionality is implemented by C +code, [lib]psx, which is distributed with libcap. + +The official release announcement site for libcap and libpsx is: https://sites.google.com/site/fullycapable/ -Like libcap/libpsx itself, the psx package is distributed with a "you -choose" License. Specifically: BSD three clause, or GPL2. See the +Like libcap/libpsx itself, the "psx" package is distributed with a +"you choose" License. Specifically: BSD three clause, or GPL2. See the LICENSE file. Andrew G. Morgan <morgan@kernel.org> @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019,20 Andrew G Morgan <morgan@kernel.org> + * Copyright (c) 2019-21 Andrew G Morgan <morgan@kernel.org> * * This file contains a collection of routines that perform thread * synchronization to ensure that a whole process is running as a @@ -30,12 +30,12 @@ #include "psx_syscall.h" /* - * psx_load_syscalls() is weakly defined so we can have it overridden - * by libpsx if it is linked. Specifically, when libcap calls - * psx_load_sycalls it will override their defaut values. As can be - * seen here this present function is a no-op. However, if libpsx is - * linked, the one present in that library (not being weak) will - * replace this one. + * psx_load_syscalls() can be weakly defined in dependent libraries to + * provide a mechanism for a library to optionally leverage this psx + * mechanism. Specifically, when libcap calls psx_load_sycalls() it + * provides a weakly declared default that maps its system calls to + * the regular system call functions. However, when linked with psx, + * this function here overrides the syscalls to be the psx ones. */ void psx_load_syscalls(long int (**syscall_fn)(long int, long int, long int, long int), @@ -96,7 +96,8 @@ static struct psx_tracker_s { /* * psx_action_key is used for thread local storage of the thread's - * registration. */ + * registration. + */ pthread_key_t psx_action_key; /* @@ -7,6 +7,8 @@ import ( "syscall" ) +// Syscall3 and Syscall6 are aliases for syscall.AllThreadsSyscall* +// when compiled CGO_ENABLED=0. var ( Syscall3 = syscall.AllThreadsSyscall Syscall6 = syscall.AllThreadsSyscall6 |