
SDLe fix: refactor, remove drop_privileges() and capability management from main.c#9

Merged
dmkarthi merged 16 commits into main from remove-privileged-access on May 14, 2026
Conversation

@dmkarthi dmkarthi commented May 11, 2026

Collaborator

dvledtx delegates all VFIO and hugepage operations to mtl_init() inside the MTL library. Whether those operations require elevated privileges is purely a system configuration concern, not an application concern.

With the recommended pre-configuration on the host:

  • udev rule granting the service user ownership of /dev/vfio/<group>
  • LimitMEMLOCK=infinity in the systemd unit (or /etc/security/limits.conf)

mtl_init() succeeds without any elevated capabilities. The application should run as a plain unprivileged service user with no capability management needed.

Removes:

  • drop_privileges() function and its E-1 comment block
  • #include <linux/capability.h>
  • #include <sys/prctl.h>
  • #include <sys/syscall.h>
  • #include <sys/mman.h> (unused after removal)

Checklist

Code Quality

  • Code follows project style guidelines
  • No unnecessary debug logs or commented-out code
  • No hardcoded values / secrets

Testing

  • Unit test added/modified accordingly
  • Perform manual basic sanity testing at system level

Review Readiness

  • PR title and description are clear and meaningful
  • Story/Task IDs are linked

Documentation

  • README or relevant docs updated (if applicable)

Security

  • No sensitive data exposed (keys, passwords, tokens)
  • Input validation added where needed

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Documentation content changes
  • Testing
  • Other... Please describe:

dmkarthi added 2 commits May 8, 2026 18:54
dvledtx delegates all VFIO and hugepage operations to mtl_init()
inside the MTL library. Whether those operations require elevated
privileges is purely a system configuration concern, not an
application concern.

With the recommended pre-configuration on the host:
  - udev rule granting the service user ownership of /dev/vfio/<group>
  - LimitMEMLOCK=infinity in the systemd unit (or /etc/security/limits.conf)

mtl_init() succeeds without any elevated capabilities. The application
should run as a plain unprivileged service user with no capability
management needed.

Removes:
  - drop_privileges() function and its E-1 comment block
  - #include <linux/capability.h>
  - #include <sys/prctl.h>
  - #include <sys/syscall.h>
  - #include <sys/mman.h> (unused after removal)
@dmkarthi dmkarthi force-pushed the remove-privileged-access branch from 5173804 to cc9d191 Compare May 11, 2026 14:13
@dmkarthi dmkarthi changed the title refactor: remove drop_privileges() and capability management from main.c SDLe fix: refactor, remove drop_privileges() and capability management from main.c May 12, 2026
roshan-ku and others added 14 commits May 12, 2026 11:17
- Remove /tmp/ from ALLOWED_LOG_PREFIXES in main.c (world-writable,
  symlink attack risk)
- Add test_validate_log_path_rejects_tmp: verify /tmp paths are rejected
- Add test_validate_log_path_allows_var_log: verify /var/log/ is allowed
- Add test_validate_log_path_allows_cwd_relative: verify cwd-relative OK
- Add test_not_running_as_sudo: verify tests are not run as root
- Add lstat() check in main.c to reject config files that are symlinks
- Add test_main_rejects_symlinked_config unit test to verify rejection
@dmkarthi dmkarthi merged commit 0985d6f into main May 14, 2026
1 check passed
@dmkarthi dmkarthi deleted the remove-privileged-access branch May 14, 2026 08:35