env: add --seal-output to lock down file output options (#65)
Merged
Add a hidden --seal-output flag that prevents any subsequent -D, -T, or -J options from being accepted. This is intended for partially untrusted environments where a trusted runner controls file output locations (by placing -D/-T/-J before --seal-output) but allows untrusted users to append extra filtering, mode, or utrace options without being able to redirect output to arbitrary paths. Since argp processes options left-to-right, the flag works as a simple boolean gate checked before each file-output option.
Signed-off-by: Andrii Nakryiko <[email protected]>
Add --record as the explicit counterpart to --replay. The two are mutually exclusive regardless of order. This allows an orchestrator to enforce recording mode by placing --record before user-controlled arguments, preventing replay of potentially untrusted data files.
Signed-off-by: Andrii Nakryiko <[email protected]>
Switch from per-element bpf_map_update_elem() to bpf_map_update_batch() when populating the rbs hash-of-maps with ringbuf FDs. Each individual map-in-map update triggers synchronize_rcu() across all CPUs, taking 300+ ms per update. The batch API performs synchronize_rcu() once for the entire batch, reducing wprof startup time on a 316-core machine from ~13 seconds to ~1 second.
Signed-off-by: Andrii Nakryiko <[email protected]>
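As an added example (not wprof's code), the --seal-output gate and the --record/--replay exclusion described in the first two commit messages, written as an argp-style per-option callback plus a minimal left-to-right driver that stands in for argp_parse(); the page does not show wprof's parser, so struct opts, handle_opt and parse_args are assumed names. The only defence the gate relies on is that the callback sees options in command-line order, so whatever the trusted runner places before --seal-output wins.

```c
#include <errno.h>
#include <stdbool.h>
#include <string.h>
/* Constructed option state; wprof's real struct is not shown on the page. */
struct opts {
	const char *data_path, *trace_path, *json_path; /* -D, -T, -J */
	bool sealed;                                    /* --seal-output seen */
	bool record, replay;                            /* --record / --replay */
};
enum { OPT_SEAL = 1000, OPT_RECORD, OPT_REPLAY };

/* Shaped like an argp parser callback: invoked once per option, in
 * left-to-right order. Returns 0, or an errno value to reject the option. */
static int handle_opt(int key, const char *arg, struct opts *o)
{
	switch (key) {
	case OPT_SEAL:
		o->sealed = true; /* one-way gate: no later option can clear it */
		return 0;
	case 'D': case 'T': case 'J':
		if (o->sealed) return EPERM; /* paths were fixed before the seal */
		*(key == 'D' ? &o->data_path : key == 'T' ? &o->trace_path : &o->json_path) = arg;
		return 0;
	case OPT_RECORD: case OPT_REPLAY:
		if (key == OPT_RECORD ? o->replay : o->record)
			return EINVAL; /* mutually exclusive regardless of order */
		*(key == OPT_RECORD ? &o->record : &o->replay) = true;
		return 0;
	default:
		return 0; /* filter/mode/utrace options: always accepted */
	}
}

/* Small left-to-right driver standing in for argp_parse(): tokenizes argv,
 * calls handle_opt() per option and stops at the first rejection. */
static int parse_args(int argc, char **argv, struct opts *o)
{
	memset(o, 0, sizeof(*o));
	for (int i = 1; i < argc; i++) {
		const char *a = argv[i], *arg = NULL;
		int key = 0, err;
		if (!strcmp(a, "--seal-output")) key = OPT_SEAL;
		else if (!strcmp(a, "--record")) key = OPT_RECORD;
		else if (!strcmp(a, "--replay")) key = OPT_REPLAY;
		else if (a[0] == '-' && a[1] && !a[2] && strchr("DTJ", a[1])) {
			if (++i >= argc) return EINVAL; /* -D/-T/-J need a path */
			key = a[1], arg = argv[i];
		}
		if ((err = handle_opt(key, arg, o))) return err;
	}
	return 0;
}
```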