bridge: use mlockall(2) to prevent pages from being swapped out
The extra capability is harmless and is, at worst, a DoS risk.
ghstack-source-id: d30b50dbca
Pull Request resolved: https://github.com/certusone/wormhole/pull/55
parent
f872d0be44
commit
509d9c3d73
|
@ -7,10 +7,12 @@ import (
|
|||
"net/http"
|
||||
_ "net/http/pprof"
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
eth_common "github.com/ethereum/go-ethereum/common"
|
||||
"github.com/libp2p/go-libp2p-core/peer"
|
||||
"go.uber.org/zap"
|
||||
"golang.org/x/sys/unix"
|
||||
|
||||
"github.com/certusone/wormhole/bridge/pkg/common"
|
||||
"github.com/certusone/wormhole/bridge/pkg/devnet"
|
||||
|
@ -87,6 +89,15 @@ func main() {
|
|||
fmt.Print(devwarning)
|
||||
}
|
||||
|
||||
// Lock current and future pages in memory to protect secret keys from being swapped out to disk.
|
||||
// It's possible (and strongly recommended) to deploy Wormhole such that keys are only ever
|
||||
// stored in memory and never touch the disk. This is a privileged operation and requires CAP_IPC_LOCK.
|
||||
err := unix.Mlockall(syscall.MCL_CURRENT | syscall.MCL_FUTURE)
|
||||
if err != nil {
|
||||
fmt.Printf("Failed to lock memory: %v (CAP_IPC_LOCK missing?)\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Set up logging. The go-log zap wrapper that libp2p uses is compatible with our
|
||||
// usage of zap in supervisor, which is nice.
|
||||
lvl, err := ipfslog.LevelFromString(*logLevel)
|
||||
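Review bot: The comment above `unix.Mlockall` in main() reads as if locking pages were enough to keep keys off disk, but mlockall(2) only keeps them out of swap; a core dump or suspend-to-disk image can still contain locked pages. I would narrow the comment and name the remaining step, e.g. `// mlockall only covers swap; core dumps must be disabled separately (RLIMIT_CORE=0 or equivalent in the deployment).` As a style point, the flags are taken from `syscall` while the call comes from `x/sys/unix`; `unix.MCL_CURRENT | unix.MCL_FUTURE` would make the `"syscall"` import in the first hunk unnecessary, if nothing else in the file uses it. The failure message goes to stdout through `fmt.Printf`, and `fmt.Fprintf(os.Stderr, ...)` is the more usual sink for a fatal startup error. main() starts and continues outside the hunk.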
|
|
|
@ -63,6 +63,11 @@ spec:
|
|||
- -unsafeDevMode
|
||||
# - -logLevel
|
||||
# - debug
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
# required for syscall.Mlockall
|
||||
- IPC_LOCK
|
||||
ports:
|
||||
- containerPort: 8999
|
||||
name: p2p
|
||||
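Review bot: The new `securityContext` adds `IPC_LOCK` on top of the container runtime's default capability set, and nothing visible in the hunk drops the rest. Since this container holds key material, I would pair the add with `drop: ["ALL"]` under `capabilities` so that IPC_LOCK is the only capability granted, assuming the bridge needs no others. If the image runs as a non-root user, added capabilities may not reach the process's effective set, so it is worth confirming that the mlockall call succeeds in that configuration rather than passing only because of the RLIMIT_MEMLOCK allowance. The container spec starts and continues outside the hunk.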
|
|