Conversation
j-ogas
reviewed
Mar 30, 2026
| SPDX-License-Identifier: Apache-2.0 */ | ||
|
|
||
| /* WARNING: At present, this file is merely Reid’s musings about APIs and is | ||
| unlikely to even compile. In porticular, lots of this belongs elsewhere in |
Collaborator
Suggested change
| unlikely to even compile. In porticular, lots of this belongs elsewhere in | |
| unlikely to even compile. In particular, lots of this belongs elsewhere in |
| \n\ | ||
| There are two root emulation modes (MODE above):\n\ | ||
| \n\ | ||
| simple Emulated system calls are intercepted and (fake) success is\n\ |
Collaborator
Suggested change
| simple Emulated system calls are intercepted and (fake) success is\n\ | |
| stateless Emulated system calls are intercepted and (fake) success is\n\ |
| \n\ | ||
| This is the “zero-consistency” root emulation described in [2].\n\ | ||
| \n\ | ||
| consistent Emulated system calls are interecepted FIXME.\n\ |
Collaborator
Suggested change
| consistent Emulated system calls are interecepted FIXME.\n\ | |
| stateful (default) Emulated system calls are interecepted FIXME.\n\ |
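Review bot: the suggested replacement line keeps the typo "interecepted" (should be "intercepted") and the trailing FIXME; fix the spelling in the same suggestion so the help text does not need a second pass. Also note that "stateful (default)" is wider than "stateless" in the mode column, so the description column of the two mode entries will no longer line up, and the "If not specified, MODE is ..." sentence a few lines below says the same thing as "(default)"; keep one of the two.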
| that the program tried to set with chown(2). That is, the\n\ | ||
| calling process sees a fake but consistent owner for the file.\n\ | ||
| \n\ | ||
| If not specified, MODE is consistent.\n\ |
Collaborator
Suggested change
| If not specified, MODE is consistent.\n\ | |
| If not specified, MODE is stateful.\n\ |
j-ogas
reviewed
Mar 30, 2026
Collaborator
j-ogas
left a comment
Initial suggestion proposes changing "simple" vs "consistent" to state{ful,less}, which is more explicit. Note that {in,}consistent may also work, but they are, IMO, visually similar enough to be overlooked frequently(?).
This PR introduces the skeleton of a new wrapper command fakeroot, similar to the existing pseudo-cli but with no containerization and process management by the caller. It uses this as a vehicle to propose some API changes which would hopefully simplify things. (Honestly, if this were built out well, I think it might be able to replace Debian’s fakeroot(1).)

The most significant proposed change is that the libpseudo API no longer deals with seccomp filters directly for most tasks. Instead, callers add to the config system calls they want to either fake (return 0) or emulate in user space (call a provided callback function). There is also a provision to add a filter fragment if the caller wants to add actual BPF code. libpseudo then compiles this config into a BPF program. This would eliminate the need to write BPF code manually.
The PR may also have a solution for dealing with re-parented children without races.
Caveat 1: I don’t know the existing API well, so take with a grain of salt.
Caveat 2: This only deals with the syscall phase, not any of the other callbacks.