runtime: use tgkill instead of tkill #27548

Closed
prattmic opened this issue Sep 7, 2018 · 1 comment

@prattmic
Contributor

commented Sep 7, 2018

This has been proposed previously (#24924), but was closed because Android allows tkill.

However, generally tgkill allows creation of a stricter sandbox (note that tkill is only used in runtime.raise to send a signal to the current thread).

With kill and tgkill, the sandbox policy (e.g., seccomp) can prevent the program from sending signals to other processes by checking that the first argument == getpid().

With tkill, the policy must whitelist all tids in the process, which is effectively impossible given Go's dynamic thread creation.

Specifically, this applies to the gVisor project, where we do not allow tkill in our seccomp policy. At the moment, we attempt to emulate the standard Go runtime signal behavior. This works, but I don't see any downsides to using tgkill in raise, and other sandboxed Go programs could benefit, hence this feature request.

cc @ianlancetaylor @eliasnaur
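
An added example, not part of the original issue or of the Go or gVisor code: a seccomp-BPF filter in C expressing the policy the issue describes (kill and tgkill allowed only when the first argument equals the sandboxed process's pid, tkill refused), with a minimal interpreter for the three BPF opcodes it uses so the verdicts can be checked offline. The names `build_filter`, `run_filter` and `verdict`, the pid 4242 and the EPERM result are assumptions; the architecture check and default-deny allowlist a production filter needs are omitted, and the argument load assumes a little-endian target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#define NR_OFF   offsetof(struct seccomp_data, nr)
#define ARG0_OFF offsetof(struct seccomp_data, args[0]) /* low 32 bits (little-endian) */
#define DENY     (SECCOMP_RET_ERRNO | 1)                /* fail the call with EPERM */

/* Write the 8-instruction policy for a process with the given pid into f. */
size_t build_filter(struct sock_filter *f, uint32_t pid) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_tkill, 5, 0),  /* tkill: deny */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_kill, 1, 0),   /* kill: check arg0 */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_tgkill, 0, 2), /* others: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG0_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, pid, 0, 1),        /* arg0 == pid ? */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, DENY),
    };
    memcpy(f, prog, sizeof prog);
    return sizeof prog / sizeof prog[0];
}

/* Interpret only the load, jump-if-equal and return opcodes used above. */
uint32_t run_filter(const struct sock_filter *f, size_t n, const struct seccomp_data *d) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &f[pc];
        if (i->code == (BPF_LD | BPF_W | BPF_ABS)) memcpy(&acc, (const char *)d + i->k, 4);
        else if (i->code == (BPF_JMP | BPF_JEQ | BPF_K)) pc += (acc == i->k) ? i->jt : i->jf;
        else return i->code == (BPF_RET | BPF_K) ? i->k : SECCOMP_RET_KILL;
    }
    return SECCOMP_RET_KILL;
}

/* Verdict for one constructed syscall made by a process whose pid is self_pid. */
uint32_t verdict(uint32_t self_pid, int nr, uint64_t arg0) {
    struct sock_filter f[8];
    struct seccomp_data d = { .nr = nr, .args = { arg0 } };
    return run_filter(f, build_filter(f, self_pid), &d);
}

int main(void) { /* pid 4242 is a constructed sample value */
    printf("tgkill(self)=%#x tkill(self)=%#x\n", verdict(4242, SYS_tgkill, 4242), verdict(4242, SYS_tkill, 4242));
    return 0;
}
```

The filter never needs to know a thread id: tgkill carries the thread group id in its first argument, so one comparison against the pid covers every thread the runtime creates.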

@gopherbot

commented Sep 7, 2018

Change https://golang.org/cl/133975 mentions this issue: runtime: use tgkill for raise

@tklauser tklauser added the OS-Linux label Sep 7, 2018

@bcmills bcmills added this to the Go1.12 milestone Sep 7, 2018

@gopherbot gopherbot closed this in 43f54c8 Sep 7, 2018
