feat(fspy): improve tracking static executables using seccomp_unotify #258
Pull Request Overview
This PR enhances the Linux syscall tracking functionality for static executables to support more file system operations and fixes a blocking issue in the tokio runtime. The changes enable comprehensive tracking of file accesses, directory listings, stat operations, and executable launches.
Key changes:
- Fixed a tokio runtime blocking issue by moving `tokio_command.spawn()` into `spawn_blocking`
- Extended syscall tracking to support `execve`, `execveat`, `openat2`, `getdents`, and various `stat` syscalls
- Refactored syscall handling code into separate modules with improved path resolution for relative paths
Reviewed Changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| crates/fspy_test_bin/src/main.rs | Added test cases for new syscall operations (openat2, readdir, stat, execve) with platform-specific guards |
| crates/fspy_test_bin/Cargo.toml | Made nix dependency Linux-specific to support new test operations |
| crates/fspy_seccomp_unotify/tests/arg_types.rs | Updated test to use new Caller API for reading remote process memory |
| crates/fspy_seccomp_unotify/src/supervisor/mod.rs | Changed error handling to prevent supervisor loop breaks from individual syscall errors |
| crates/fspy_seccomp_unotify/src/supervisor/handler/mod.rs | Modified macro to inject Caller parameter into syscall handlers |
| crates/fspy_seccomp_unotify/src/supervisor/handler/arg.rs | Refactored remote memory reading with new Caller abstraction and ProcessVmReader |
| crates/fspy/tests/static_executable.rs | Added comprehensive tests for all new syscall tracking capabilities |
| crates/fspy/src/unix/syscall_handler/stat.rs | Added handlers for stat-family syscalls |
| crates/fspy/src/unix/syscall_handler/open.rs | Added handlers for open and openat2 syscalls with flag parsing |
| crates/fspy/src/unix/syscall_handler/mod.rs | Refactored into modular structure with improved path resolution and access mode detection |
| crates/fspy/src/unix/syscall_handler/getdents.rs | Added handlers for getdents syscalls |
| crates/fspy/src/unix/syscall_handler/execve.rs | Added handlers for execve and execveat syscalls |
| crates/fspy/src/unix/mod.rs | Fixed blocking issue by wrapping spawn in spawn_blocking |
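
The relative-path resolution mentioned in the summary above can be sketched as follows. This is an added example, not code from this PR or from fspy: `resolve_at` and `base_link` are hypothetical names, and the sketch assumes the supervisor resolves a `(dirfd, path)` pair through the traced process's procfs links, with the link reader injected so the logic runs without a live process.

```rust
use std::io;
use std::path::{Component, Path, PathBuf};

/// Linux value of AT_FDCWD: resolve relative to the caller's working directory.
const AT_FDCWD: i32 = -100;

/// procfs link that anchors a relative path passed to an `openat`-style syscall.
fn base_link(pid: u32, dirfd: i32) -> PathBuf {
    if dirfd == AT_FDCWD {
        PathBuf::from(format!("/proc/{pid}/cwd"))
    } else {
        PathBuf::from(format!("/proc/{pid}/fd/{dirfd}"))
    }
}

/// Resolve `(dirfd, path)` the way the traced process `pid` would see it.
/// `read_link` is injected (hypothetical design) so this can be tested offline;
/// a real supervisor would pass a closure around `std::fs::read_link`.
fn resolve_at(
    pid: u32,
    dirfd: i32,
    path: &Path,
    read_link: impl Fn(&Path) -> io::Result<PathBuf>,
) -> io::Result<PathBuf> {
    let joined = if path.is_absolute() {
        path.to_path_buf() // the kernel ignores dirfd for absolute paths
    } else {
        read_link(&base_link(pid, dirfd))?.join(path)
    };
    // Lexical cleanup only: symlinks inside `path` are not followed here.
    let mut out = PathBuf::new();
    for c in joined.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    Ok(out)
}

fn main() -> io::Result<()> {
    // Resolve against this process itself so the example runs stand-alone on Linux.
    let p = resolve_at(std::process::id(), AT_FDCWD, Path::new("./Cargo.toml"), |l| std::fs::read_link(l))?;
    println!("{}", p.display());
    Ok(())
}
```

Because `..` is collapsed lexically, a path that crosses a symlinked directory can resolve differently in the kernel than it does here. seccomp_unotify(2) also documents `SECCOMP_IOCTL_NOTIF_ID_VALID` for confirming, after reading `/proc/<pid>`, that the notification still belongs to the same live target.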
I will release a version using the 10-24-feat_fspy_resolve_relative_paths_tracked_by_seccomp-filter branch, then verify it in vibe-dashboard, and merge if it passes.
Linux work https://github.com/voidzero-dev/vibe-dashboard/actions/runs/18800976103/job/53648438979?pr=89
# Conflicts: # crates/fspy/src/unix/syscall_handler/mod.rs # Conflicts: # crates/fspy/src/unix/syscall_handler/mod.rs # crates/fspy_seccomp_unotify/src/supervisor/handler/mod.rs
Windows Need to keep looking further https://github.com/voidzero-dev/vibe-dashboard/actions/runs/18800976103/job/53648438970?pr=89
Improve tracking static executables using seccomp_unotify
Enhanced the Linux syscall tracking to capture more file system operations and fixed a blocking issue in the tokio runtime.
What changed?
- `tokio_command.spawn()` to `spawn_blocking`
- `execve` and `execveat` syscalls
- `getdents` and `getdents64` syscalls
- `stat`, `lstat`, `newfstatat`, and `fstatat` syscalls
- `openat2` syscall

Why make this change?
Tracking static executables with `seccomp_unotify` was half-baked, but now that we should officially support oxlint type-aware linting, it needs to be polished.