libseccomp-golang icon indicating copy to clipboard operation
libseccomp-golang copied to clipboard

Published 20 hours ago verified publisher icon seccomp

RFE: ensure parity with the current libseccomp release

Open pcmoore opened this issue 5 years ago • 10 comments

The libseccomp golang bindings have lagged the main libseccomp release for some time now. Before the next release of the bindings we need to go through and ensure that all of the main libseccomp functionality (e.g. ABI support, new APIs, etc.) that makes sense in golang is supported in the golang bindings.

pcmoore avatar Mar 12 '20 13:03 pcmoore

What are some features that are not implemented in here, compared to the C library?

I was only able to find SCMP_FLTATR_CTL_OPTIMIZE support which seems to be trivial to add. Is there anything else?

kolyshkin avatar Aug 03 '21 03:08 kolyshkin

@kolyshkin I don't have a comprehensive list. One item comes to mind, though: the seccomp notify addfd functionality is not implemented in golang, but IIRC it is in the C library.

rata avatar Aug 19 '21 15:08 rata

@pcmoore PTAL https://github.com/seccomp/libseccomp-golang/issues/37#issuecomment-891488113. Can we have a list of features that need to be added?

kolyshkin avatar Sep 15 '21 22:09 kolyshkin

Well, the reason I wrote "... we need to go through and ensure that all of the main libseccomp functionality ..." is that at the time no one had done a gap analysis between the main library and the golang bindings. It looks like @kolyshkin may have now done that, at least to some degree; if not, a good place to start is the main seccomp.h header file.

  • https://github.com/seccomp/libseccomp/blob/main/include/seccomp.h.in

pcmoore avatar Sep 17 '21 02:09 pcmoore

Well, the reason I wrote "... we need to go through and ensure that all of the main libseccomp functionality ..." is that at the time no one had done a gap analysis between the main library and the golang bindings. It looks like @kolyshkin may have now done that, at least to some degree; if not, a good place to start is the main seccomp.h header file.

* https://github.com/seccomp/libseccomp/blob/main/include/seccomp.h.in

Agreed. Unfortunately we dug ourselves a small hole when we added new features to libseccomp proper but didn't add corresponding RFE issues to libseccomp-golang.

But once we're caught up, this should be manageable now that we're all aware of the problem.

drakenclimber avatar Sep 17 '21 18:09 drakenclimber

I have a WIP implementation of SCMP_FLTATR_API_SYSRAWRC and SCMP_FLTATR_CTL_OPTIMIZE support, which I'll finalize and open a PR for as soon as the existing PRs (#70, #72, #74) are approved and merged, as otherwise there will be conflicting hunks.

kolyshkin avatar Sep 18 '21 19:09 kolyshkin

I have a WIP implementation of SCMP_FLTATR_API_SYSRAWRC and SCMP_FLTATR_CTL_OPTIMIZE support, which I'll finalize and open a PR for

For the sake of completeness, here it is: https://github.com/seccomp/libseccomp-golang/pull/75

Is there anything else that's missing from this package, compared to the C library?

kolyshkin avatar Oct 29 '21 21:10 kolyshkin

Is there anything else that's missing from this package, compared to the C library?

@pcmoore @drakenclimber as per previous comment, I need some help identifying the gaps that have yet to be filled. Does not need to be elaborate and/or precise -- a quick bullet point list will do.

kolyshkin avatar Nov 22 '21 17:11 kolyshkin

As this is a larger undertaking, I'm wondering if we should move this to the v1.0.0 milestone so we don't hold up any of the v0.Y.Z releases?

pcmoore avatar May 19 '22 22:05 pcmoore

As this is a larger undertaking, I'm wondering if we should move this to the v1.0.0 milestone so we don't hold up any of the v0.Y.Z releases?

👍🏻 👍🏻 Voting "yes" with both hands.

kolyshkin avatar May 19 '22 23:05 kolyshkin