Clarify documentation for Set{Task,Exec}Label #113
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
There are more calls then just these that need your comment. Also you need to sign your PR. |
|
SetFSCreateLabel(label string) |
gitstashpop
force-pushed
the
clarify-settasklabel
branch
from
933337c
to
4bfb31f
Compare
|
LGTM |
thaJeztah
approved these changes
Jul 24, 2020
go-selinux/selinux.go
Outdated
Comment on lines
66
to
71
| // SetFSCreateLabel tells the kernel the label to create all file system objects | ||
| // created by this task. Set label="" to return to the default label. Calls to SetFSCreateLabel | ||
| // should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system | ||
| // objects created by this task are finished to guarantee another goroutine does not migrate | ||
| // to the current thread before execution is complete. |
There was a problem hiding this comment.
Not a blocker (as it was already a bit confusing), but the first line is a bit hard to grasp. Perhaps something like;
Suggested change
| // SetFSCreateLabel tells the kernel the label to create all file system objects | |
| // created by this task. Set label="" to return to the default label. Calls to SetFSCreateLabel | |
| // should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system | |
| // objects created by this task are finished to guarantee another goroutine does not migrate | |
| // to the current thread before execution is complete. | |
| // SetFSCreateLabel tells the kernel what label to use for all file system objects created by this task. | |
| // Set label to an empty string to return to the default label. Calls to SetFSCreateLabel | |
| // should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until file system | |
| // objects created by this task are finished to guarantee another goroutine does not migrate | |
| // to the current thread before execution is complete. |
(suggestions welcome! /cc @rhatdan)
|
@yulicrunchy Please take @thaJeztah input and then we can merge. |
In Go, there are no guarantees which goroutine runs in which thread.
It is important to wrap calls to Set{Task,Exec,FsCreate,Socket,Key}Label
with runtime.LockOSThread() and runtime.UnlockOSThread() to ensure reliable
behavior of goroutine labeling.
Signed-off-by: Yuli Khodorkovskiy <yuli@crunchydata.com>
gitstashpop
force-pushed
the
clarify-settasklabel
branch
from
4bfb31f
to
54d92ee
Compare
|
LGTM |
|
@rhatdan @kolyshkin PTAL |
|
Thanks @yulicrunchy. This is an issue that often trips people up, including me. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In Go, there are no guarantees which goroutine runs in which thread.
It is therefore important to wrap calls to Set{Task,Exec}Label with
runtime.LockOSThread() and runtime.UnlockOSThread() to ensure reliable
behavior of goroutine labeling.