fix(fspy): use memfd for Linux shared memory#523
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
24813bf to
ebc6e41
Compare
ebc6e41 to
eac0891
Compare
eac0891 to
82c057f
Compare
82c057f to
aaaf01b
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 308b887e8b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
aaaf01b to
a64e9b8
Compare
a64e9b8 to
ae72983
Compare
ae72983 to
ac080f6
Compare
ac080f6 to
ca12e8b
Compare
ca12e8b to
4119fee
Compare
3f7527b to
a6a417e
Compare
4119fee to
d949311
Compare
8dac1e8 to
3433486
Compare
0f5cacc to
cf3315b
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a55127096e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
cf3315b to
9e72876
Compare
Replace the Linux /dev/shm-backed adapter with a sealed memfd mapping. Each client connection receives the descriptor immediately from a broker task on the ambient Tokio runtime. Dropping the owner cancels the broker, while already-open mappings remain valid. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
Co-authored-by: GPT-5 Codex <codex@openai.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cc96f186e1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| let address = SocketAddrUnix::new_abstract_name(id.as_bytes())?; | ||
| connect(&socket, &address)?; |
There was a problem hiding this comment.
Avoid namespace-scoped broker addresses
When a traced task execs a descendant after entering another network namespace (for example through unshare -n or a sandbox helper), Linux abstract AF_UNIX names are looked up in that new namespace, so this connect cannot reach the broker that was bound in the parent namespace. The preload constructor treats ChannelConf::sender() failures as ipc_sender: None and then drops all accesses from that process, which can leave cache inputs incomplete for those sandboxed subtrees; use a namespace-independent handoff such as an inherited broker fd or an accessible filesystem socket instead.
Useful? React with 👍 / 👎.

Motivation
Stop Linux file-access tracking from consuming the container's
/dev/shmquota and crashing withSIGBUS.Changes
memfd./dev/shmfixture to succeed.Fixes #353