Check privileges at startup
This commit is contained in:
Alexey Avramov
parent
01787de503
commit
0c8399ed8b
@ -6,8 +6,10 @@ sudo: required
|
|||||||
|
|
||||||
script:
|
script:
|
||||||
- sudo make install
|
- sudo make install
|
||||||
- sudo systemctl enable --now nohang
|
- sudo systemctl enable --now nohang.service
|
||||||
- sudo systemctl stop nohang.service
|
- sudo systemctl stop nohang.service
|
||||||
|
- sudo systemctl enable --now nohang-desktop.service
|
||||||
|
- sudo systemctl stop nohang-service.service
|
||||||
|
|
||||||
- oom-sort -h
|
- oom-sort -h
|
||||||
- oom-sort
|
- oom-sort
|
||||||
@ -19,7 +21,6 @@ script:
|
|||||||
- nohang -cc /etc/nohang/nohang-desktop.conf
|
- nohang -cc /etc/nohang/nohang-desktop.conf
|
||||||
- nohang -cc nohang/test.conf
|
- nohang -cc nohang/test.conf
|
||||||
|
|
||||||
- nohang -p
|
|
||||||
- sudo nohang -p
|
- sudo nohang -p
|
||||||
|
|
||||||
- /bin/sleep 60 &
|
- /bin/sleep 60 &
|
||||||
|
|||||||
@ -11,6 +11,16 @@ from sre_constants import error as invalid_re
|
|||||||
from signal import signal, SIGKILL, SIGTERM, SIGINT, SIGQUIT, SIGHUP, SIGUSR1
|
from signal import signal, SIGKILL, SIGTERM, SIGINT, SIGQUIT, SIGHUP, SIGUSR1
|
||||||
|
|
||||||
|
|
||||||
|
def check_permissions():
|
||||||
|
"""
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
os.path.realpath('/proc/1/exe')
|
||||||
|
except Exception as e:
|
||||||
|
print('ERROR: missing CAP_SYS_PTRACE: {}'.format(e))
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
|
||||||
def memload():
|
def memload():
|
||||||
"""
|
"""
|
||||||
"""
|
"""
|
||||||
@ -1228,16 +1238,16 @@ def mlockall():
|
|||||||
MCL_ONFAULT = 4
|
MCL_ONFAULT = 4
|
||||||
|
|
||||||
libc = CDLL('libc.so.6', use_errno=True)
|
libc = CDLL('libc.so.6', use_errno=True)
|
||||||
|
|
||||||
result = libc.mlockall(
|
result = libc.mlockall(
|
||||||
MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT
|
MCL_CURRENT | MCL_FUTURE | MCL_ONFAULT
|
||||||
)
|
)
|
||||||
|
|
||||||
if result != 0:
|
if result != 0:
|
||||||
result = libc.mlockall(
|
result = libc.mlockall(
|
||||||
MCL_CURRENT | MCL_FUTURE
|
MCL_CURRENT | MCL_FUTURE
|
||||||
)
|
)
|
||||||
if result != 0:
|
if result != 0:
|
||||||
log('WARNING: cannot lock all memory')
|
log('WARNING: cannot lock all memory: [Errno {}]'.format(result))
|
||||||
else:
|
else:
|
||||||
pass
|
pass
|
||||||
# log('All memory locked with MCL_CURRENT | MCL_FUTURE')
|
# log('All memory locked with MCL_CURRENT | MCL_FUTURE')
|
||||||
@ -3489,11 +3499,7 @@ else:
|
|||||||
|
|
||||||
|
|
||||||
if print_proc_table_flag:
|
if print_proc_table_flag:
|
||||||
|
check_permissions()
|
||||||
if not root:
|
|
||||||
log('WARNING: effective UID != 0; euid={}; processes with other e'
|
|
||||||
'uids will be invisible for nohang'.format(self_uid))
|
|
||||||
|
|
||||||
func_print_proc_table()
|
func_print_proc_table()
|
||||||
|
|
||||||
|
|
||||||
@ -3570,13 +3576,10 @@ warn_time_delta = 1000 # ?
|
|||||||
warn_timer = 0
|
warn_timer = 0
|
||||||
|
|
||||||
|
|
||||||
if not root:
|
|
||||||
log('WARNING: effective UID != 0; euid={}; processes with other e'
|
|
||||||
'uids will be invisible for nohang'.format(self_uid))
|
|
||||||
|
|
||||||
|
|
||||||
mlockall()
|
mlockall()
|
||||||
|
|
||||||
|
check_permissions()
|
||||||
|
|
||||||
|
|
||||||
psi_avg_string = '' # will be overwritten if PSI monitoring enabled
|
psi_avg_string = '' # will be overwritten if PSI monitoring enabled
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user