Parameter tuning for gitlab runner ci-runner-x86-03-shadow
Already done
For posterity, I already requested the following overrides to the runners.docker config:
- cap_add SYS_PTRACE - shadow uses ptrace to manage processes running in its simulation
- shm_size 16g - shadow uses /dev/shm for IPC, including remapping most data regions from managed processes into shared memory for fast access from the shadow.
Outstanding requests that we definitely need:
- I think we'll need a larger shm_size for larger simulations. I'd suggest 50-100% of the machine's physical memory. Note that this setting only specifies a cap, not a reservation. i.e. smaller sims that don't need that much memory won't use it.
- Larger storage. I'm not sure where this setting lives, but my last attempt to run a simulation ran out of storage pretty quickly. I'm not sure exactly what we need here; maybe try 10-20 GB?
Semi-optional outstanding request
- security_opt seccomp=unconfined.
This isn't strictly necessary, but improves Shadow performance by ~20%.
It'd probably be sufficient if we could instead configure Docker to opt out of the speculative-store-bypass mitigation when installing the seccomp filter, but afaik Docker doesn't expose that functionality (see shadow #1489).
In principle disabling seccomp here might allow escaping the container, effectively getting root on the host machine. However:
- We already restrict access to this runner, roughly to ~jnewsome (though may expand to other trusted folks who need to run shadow sims).
- From some light googling it doesn't seem this would enable any current, known container escapes. This mechanism is for defense in depth. E.g. this attack requires capability SYS_ADMIN.
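As an added example (not part of the original request, and not Shadow or GitLab code), a job could run a preflight check like the following inside the container to confirm what the runner actually granted: the bounding capability set, the seccomp mode, the speculative-store-bypass state, and the size of /dev/shm. The function names and the two sample status texts are constructed for illustration; the field names are those of /proc/<pid>/status on Linux.

```python
"""Preflight check of runner settings, read from /proc/<pid>/status text."""
import os

CAP_SYS_PTRACE = 19  # bit numbers from linux/capability.h
CAP_SYS_ADMIN = 21
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

# Constructed sample: Docker default capabilities plus SYS_PTRACE, seccomp filter active.
SAMPLE_CONFINED = (
    "Name:\tshadow\n"
    "CapBnd:\t00000000a80c25fb\n"
    "Seccomp:\t2\n"
    "Speculation_Store_Bypass:\tthread force mitigated\n"
)
# Constructed sample: same capabilities, container started with seccomp=unconfined.
SAMPLE_UNCONFINED = (
    "Name:\tshadow\n"
    "CapBnd:\t00000000a80c25fb\n"
    "Seccomp:\t0\n"
    "Speculation_Store_Bypass:\tthread vulnerable\n"
)

def parse_status(text):
    """Split 'Key:<tab>value' lines into a dict, ignoring malformed lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def check_runner(text):
    """Report the settings discussed in this request for one process."""
    f = parse_status(text)
    # CapBnd is the bounding set, so the result does not depend on the job's uid.
    caps = int(f.get("CapBnd", "0"), 16)
    ssb = f.get("Speculation_Store_Bypass", "unknown")
    return {
        "cap_sys_ptrace": bool(caps >> CAP_SYS_PTRACE & 1),
        "cap_sys_admin": bool(caps >> CAP_SYS_ADMIN & 1),  # should stay False
        "seccomp": SECCOMP_MODES.get(f.get("Seccomp", ""), "unknown"),
        "ssb_forced": ssb == "thread force mitigated",
    }

def shm_bytes(path="/dev/shm"):
    """Total size of the tmpfs behind /dev/shm (the shm_size cap)."""
    st = os.statvfs(path)
    return st.f_frsize * st.f_blocks

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print(check_runner(fh.read()), "shm_bytes:", shm_bytes())
```

A result with seccomp reported as "filter" and ssb_forced true is the state in which the store-bypass mitigation has been forced on for the process; cap_sys_admin should remain false in either configuration.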