mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-26 18:07:58 +00:00
jserrat
21ef949b6e
@mrcnski Done the change on the prepare worker, once the prepare worker part is good I'll do the same for the execute worker. This is based on https://github.com/koute/polkavm/blob/11beebd06276ce9b84f335350138479e714f6caf/crates/polkavm/src/sandbox/linux.rs#L711. ## TODO - [x] Add a check for this capability at startup - [x] Add prdoc mentioning the new Secure Validator Mode (optional) requirement. ## Related Closes #2162 --------- Co-authored-by: Marcin S <marcin@realemail.net>
23 lines
804 B
Plaintext
23 lines
804 B
Plaintext
title: "Use clone instead of fork on pvf"
|
|
|
|
doc:
|
|
- audience: Node Operator
|
|
description: |
|
|
For validators: Adds a new, optional security capability.
|
|
Most modern Linux machines should support it, otherwise you will get a warning like:
|
|
"- Optional: Cannot call clone with all sandboxing flags, a Linux-specific kernel security features: not available"
|
|
If you are already running in a secure environment such as a container, this may conflict with our security features; your only option may be to ignore the warning.
|
|
Otherwise, it is recommended to upgrade your Linux version!
|
|
|
|
migrations:
|
|
db: []
|
|
|
|
runtime: []
|
|
|
|
crates:
|
|
- name: polkadot-node-core-pvf
|
|
- name: polkadot-node-core-pvf-prepare-worker
|
|
- name: polkadot-node-core-pvf-execute-worker
|
|
|
|
host_functions: []
|