Description
Each new sandbox calls setup_signal_handlers to set up a panic handler which ignores DisallowedSyscall panics. This creates a new closure that captures the previous panic hook, but the old closures never get cleaned up. Thus, the more sandboxes are created, the more closures the panic hook contains.
I believe this is also the cause of the very long panic backtraces we've been seeing, since the more sandboxes you create, the more closures the panic has to go through.
We can consider setting up the panic hook just once using something like std::sync::Once; however, we need to be careful to still set up the vm_kill_signal, since this still needs to rerun if a sandbox has a different config.get_interrupt_vcpu_sigrtmin_offset() from the previous sandbox.
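As an added illustration (not code from this issue or from the project), the Rust below reproduces both patterns in miniature: an installer that wraps the previous hook in a fresh closure per sandbox, and the same installer guarded by std::sync::Once, with a counter showing how many nested closures a single panic walks through. The DisallowedSyscall payload check, the counter and the silent base hook are constructed for the example; re-registering vm_kill_signal when the SIGRTMIN offset changes is not modelled here.

```rust
use std::panic;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Once;

/// Example instrumentation: number of chained hook layers that ran on the last panic.
static LAYERS_RUN: AtomicUsize = AtomicUsize::new(0);

/// The leaky pattern: every call wraps the previous hook in a fresh closure, so
/// N sandboxes leave N nested closures that every non-swallowed panic walks through.
pub fn install_hook_chained() {
    let prev = panic::take_hook();
    panic::set_hook(Box::new(move |info| {
        LAYERS_RUN.fetch_add(1, Ordering::SeqCst);
        // Swallow panics whose payload carries the (hypothetical) disallowed-syscall
        // marker; delegate everything else to the hook installed before us.
        let swallow = info
            .payload()
            .downcast_ref::<&str>()
            .map_or(false, |s| s.starts_with("DisallowedSyscall"));
        if !swallow {
            prev(info);
        }
    }));
}

static HOOK_INIT: Once = Once::new();

/// The fix: the hook is installed once per process; later sandboxes are no-ops here.
pub fn install_hook_once() {
    HOOK_INIT.call_once(install_hook_chained);
}

/// Simulate `n` sandbox creations with `install`, raise one panic carrying `msg`,
/// and report how many hook layers ran. A silent base hook replaces the default printer.
pub fn layers_after(n: usize, install: fn(), msg: &'static str) -> usize {
    panic::set_hook(Box::new(|_| {}));
    LAYERS_RUN.store(0, Ordering::SeqCst);
    for _ in 0..n {
        install();
    }
    // panic_any keeps the payload as &'static str so the hook's downcast succeeds.
    let _ = panic::catch_unwind(|| panic::panic_any(msg));
    LAYERS_RUN.load(Ordering::SeqCst)
}

fn main() {
    println!("chained: {}", layers_after(5, install_hook_chained, "unrelated panic"));
    println!("once:    {}", layers_after(5, install_hook_once, "unrelated panic"));
}
```

Run as written it prints 5 layers for the chained installer and 1 for the Once-guarded one; the depth of the chained version grows with every sandbox created.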