[sandbox] Lock between writing nsjail and fork+exec

There's a concurrency bug that exhibits during unit tests with high
parallelism. Use a RWMutex so no fork+exec is done while writing a
nsjail file.

We can get rid of the lock once we reimplement the needed part of nsjail
in Go.

Note that since it uses a RWMutex, perf impact on normal usage is
minimal, concurrent fork+exec is still allowed and nsjail is written
only once during normal "shac check" execution.

Change-Id: Ia476722d91005ac6bff0c17b93f2123723538230
Reviewed-on: https://fuchsia-review.googlesource.com/c/shac-project/shac/+/843736
Reviewed-by: Oliver Newman <olivernewman@google.com>
Fuchsia-Auto-Submit: Marc-Antoine Ruel <maruel@google.com>
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
2 files changed
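
The locking scheme the commit message describes, as an added Go example that is not shac's own code: the write lock is held while an executable file is written, and each fork+exec holds the read lock only across `Start`, so concurrent launches still overlap. The names `execMu`, `writeAndRun` and `runMany`, the helper script and the use of `/bin/sh` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"sync"
)

var execMu sync.RWMutex // Lock: writing an executable; RLock: fork+exec

func writeAndRun(path string) error {
	execMu.Lock() // exclusive: no fork may run while the file is open for writing
	err := os.WriteFile(path, []byte("#!/bin/sh\nexit 0\n"), 0o700) // constructed helper script
	execMu.Unlock()
	if err != nil {
		return err
	}
	cmd := exec.Command(path)
	execMu.RLock() // shared: other fork+exec calls proceed in parallel
	err = cmd.Start()
	execMu.RUnlock() // released before Wait, so the child's runtime is not serialized
	if err != nil {
		return err
	}
	return cmd.Wait()
}

// runMany does n write-then-exec cycles in parallel and returns how many failed.
func runMany(dir string, n int) (failed int) {
	errs := make(chan error, n)
	for i := 0; i < n; i++ {
		go func(i int) { errs <- writeAndRun(fmt.Sprintf("%s/helper%d", dir, i)) }(i)
	}
	for i := 0; i < n; i++ {
		if <-errs != nil {
			failed++
		}
	}
	return failed
}

func main() {
	dir, err := os.MkdirTemp("", "execlock")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println("failures:", runMany(dir, 32))
}
```
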
tree: 1f10a7d4db60f7307f58682c4b707964a3e318e8
  1. .github/
  2. doc/
  3. internal/
  4. scripts/
  5. .gitignore
  6. AUTHORS
  7. check_doc.star
  8. codecov.yml
  9. CONTRIBUTING.md
  10. go.mod
  11. go.star
  12. go.sum
  13. LICENSE
  14. licenses.star
  15. main.go
  16. OWNERS
  17. PATENTS
  18. README.md
  19. shac.star
README.md

shac

Scalable Hermetic Analysis and Checks.

Usage

go install go.fuchsia.dev/shac-project/shac@latest
shac check
shac doc shac.star | less

Documentation

Contributing

⚠ The source of truth is at https://fuchsia.googlesource.com/shac-project/shac.git and uses Gerrit for code review.

See CONTRIBUTING.md to submit changes.