Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure validator mode #2042

Merged
merged 29 commits into from
May 1, 2024
Merged

Secure validator mode #2042

merged 29 commits into from
May 1, 2024

Conversation

Harrm
Copy link
Contributor

@Harrm Harrm commented Apr 12, 2024
edited
Loading

Referenced issues

https://github.com/qdrvm/KAGOME-audit/issues/33

Description of the Change

Introduce secure validator mode, in which PVF workers impose a number of restrictions on themselves using various Linux APIs, namely Landlock, Seccomp and chroot.

Possible Drawbacks

Checklist Before Opening a PR

Before you open a Pull Request (PR), please make sure you've completed the following steps and confirm by answering 'Yes' to each item:

  1. Code is formatted: Have you run your code through clang-format to ensure it adheres to the project's coding standards? Yes
  2. Code is documented: Have you added comments and documentation to your code according to the guidelines in the project's contributing guidelines? Yes
  3. Self-review: Have you reviewed your own code to ensure it is free of typos, syntax errors, logical errors, and unresolved TODOs or FIXME without linking to an issue? No
  4. Zombienet Tests: Have you ensured that the zombienet tests are passing? Zombienet is a network simulation and testing tool used in this project. It's important to ensure that these tests pass to maintain the stability and reliability of the project. No

@Harrm Harrm marked this pull request as ready for review April 29, 2024 13:39
kamilsa
kamilsa reviewed Apr 29, 2024
View reviewed changes
cmake/Hunter/hunter-gate-url.cmake Outdated Show resolved Hide resolved
core/parachain/pvf/kagome_pvf_worker.hpp Outdated Show resolved Hide resolved
igor-egorov
igor-egorov approved these changes Apr 30, 2024
View reviewed changes
cmake/Hunter/hunter-gate-url.cmake Outdated Show resolved Hide resolved
core/runtime/wasm_edge/module_factory_impl.hpp Outdated Show resolved Hide resolved
core/parachain/pvf/run_worker.hpp Outdated Show resolved Hide resolved
test/core/parachain/pvf_test.cpp Outdated Show resolved Hide resolved
test/core/parachain/secure_mode.cpp Show resolved Hide resolved
@Harrm Harrm merged commit fe096d4 into master May 1, 2024
10 of 12 checks passed
@Harrm Harrm deleted the feature/secure-mode branch May 1, 2024 07:49
kamilsa added a commit that referenced this pull request May 13, 2024
@kamilsa
Revert "Secure validator mode (#2042)"
14c435c 
This reverts commit fe096d4
@kamilsa kamilsa restored the feature/secure-mode branch May 16, 2024 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igor-egorov igor-egorov igor-egorov approved these changes

@kamilsa kamilsa kamilsa approved these changes

@xDimon xDimon Awaiting requested review from xDimon

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Harrm @kamilsa @igor-egorov