 maksimryndin
|
4883e14482
|
refactor pvf security module (#3047)
resolve https://github.com/paritytech/polkadot-sdk/issues/2321
- [x] refactor `security` module into a conditionally compiled
- [x] rename `amd64` into x86-64 for consistency with conditional
compilation guards and remove reference to a particular vendor
- [x] run unit tests and zombienet
---------
Co-authored-by: s0me0ne-unkn0wn <48632512+s0me0ne-unkn0wn@users.noreply.github.com>
|
2024-02-11 09:59:10 +00:00 |
|
|
jserrat
|
21ef949b6e
|
Use clone instead of fork on pvf (#2477)
@mrcnski Done the change on the prepare worker, once the prepare worker
part is good I'll do the same for the execute worker.
This is based on
https://github.com/koute/polkavm/blob/11beebd06276ce9b84f335350138479e714f6caf/crates/polkavm/src/sandbox/linux.rs#L711.
## TODO
- [x] Add a check for this capability at startup
- [x] Add prdoc mentioning the new Secure Validator Mode (optional)
requirement.
## Related
Closes #2162
---------
Co-authored-by: Marcin S <marcin@realemail.net>
|
2024-01-21 11:15:36 +00:00 |
|
|
Marcin S
|
c046a9d5ed
|
PVF: Add Secure Validator Mode (#2486)
Co-authored-by: Javier Viola <javier@parity.io>
|
2023-12-05 14:32:56 +02:00 |
|
|
Marcin S
|
cfa19c37e6
|
PVF: remove audit log access (#2461)
|
2023-11-25 18:03:58 +02:00 |
|
|
Marcin S
|
408af9b32d
|
PVF: Fix unshare "no such file or directory" error (#2426)
|
2023-11-22 15:45:52 +01:00 |
|
|
Marcin S
|
552be4800d
|
PVF worker: switch on seccomp networking restrictions (#2221)
|
2023-11-21 12:52:46 +01:00 |
|
|
Marcin S
|
7cfc233cdc
|
PVF: fix detection of unshare-and-change-root security capability (#2304)
|
2023-11-14 15:03:19 +01:00 |
|
|
Marcin S
|
5f4ce80266
|
PVF host: Make unavailable security features print a warning (#2244)
Co-authored-by: Bastian Köcher <git@kchr.de>
|
2023-11-13 11:21:16 +01:00 |
|
|
Marcin S
|
9faea380dc
|
PVF worker: Add seccomp restrictions (restrict networking) (#2009)
|
2023-10-31 11:08:08 +01:00 |
|