scottk/Mailu
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/Mailu.git synced 2025-10-29 17:22:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge #3558

Browse Source 
3558: Only enable HARDENED_MALLOC with kernel 6.1+ r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Disable HARDENED_MALLOC unless the requirements are met

### Related issue(s)
- #3398

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
bors-mailu[bot]
2024-09-23 09:04:08 +00:00
committed by GitHub
parent a246edf33c e3b1b9c1c3
commit 5e7d4edc9d
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
core/base/libs/socrate/socrate/system.py
View File

@@ -58,6 +58,11 @@ class LogFilter(object):
self.stream.flush()
def _is_compatible_with_hardened_malloc():
with open('/proc/version', 'r') as f:
major, minor = f.readline().split()[2].split('.')[:2]
if int(major) < 6 or int(major) == 6 and int(minor) < 1:
return False
with open('/proc/cpuinfo', 'r') as f:
lines = f.readlines()
for line in lines:
@@ -82,9 +87,13 @@ def set_env(required_secrets=[], log_filters=[]):
log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", 'WARNING'))
signal.signal(signal.SIGTERM, sigterm_handler)
if not 'LD_PRELOAD' in os.environ and _is_compatible_with_hardened_malloc():
log.warning('Your CPU has Advanced Vector Extensions available, we recommend you enable hardened-malloc earlier in the boot process by adding LD_PRELOAD=/usr/lib/libhardened_malloc.so to your mailu.env')
os.environ['LD_PRELOAD'] = '/usr/lib/libhardened_malloc.so'
if _is_compatible_with_hardened_malloc():
if not 'LD_PRELOAD' in os.environ and _is_compatible_with_hardened_malloc():
log.warning('Your CPU has Advanced Vector Extensions available, we recommend you enable hardened-malloc earlier in the boot process by adding LD_PRELOAD=/usr/lib/libhardened_malloc.so to your mailu.env')
os.environ['LD_PRELOAD'] = '/usr/lib/libhardened_malloc.so'
with open('/proc/sys/vm/max_map_count', 'r') as f:
if int(f.readline()) < 1048576:
log.warning('Please consider increasing vm.max_map_count to 1048576 as per https://github.com/GrapheneOS/hardened_malloc?tab=readme-ov-file#traditional-linux-based-operating-systems')
""" This will set all the environment variables and retains only the secrets we need """
if 'SECRET_KEY_FILE' in os.environ:

1
towncrier/newsfragments/3398.misc Normal file
View File

@@ -0,0 +1 @@
Disable HARDENED_MALLOC unless the requirements are met