Skip to content

feat(framework): Disable process dumping for SuperExec on Linux#7003

Merged
danieljanes merged 2 commits intomainfrom
disable-proc-dump
Apr 11, 2026
Merged

feat(framework): Disable process dumping for SuperExec on Linux#7003
danieljanes merged 2 commits intomainfrom
disable-proc-dump

Conversation

@panh99
Copy link
Copy Markdown
Member

@panh99 panh99 commented Apr 11, 2026

Verified by running strace -p <pid> on WSL. The command can be attached to flower-superlink but not flower-superexec.

Copilot AI review requested due to automatic review settings April 11, 2026 13:39
Comment thread framework/py/flwr/supercore/cli/flower_superexec.py Outdated
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Linux-specific hardening step for SuperExec to prevent attaching debuggers/dumpers (e.g., via ptrace), aligning SuperExec behavior with the stated security goal.

Changes:

  • Introduce disable_process_dumping(strict: bool) in flwr.supercore.utils using prctl(PR_SET_DUMPABLE, 0) on Linux.
  • Call disable_process_dumping(strict=False) at the start of the flower-superexec CLI entrypoint.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
framework/py/flwr/supercore/utils.py Adds a Linux-only utility to disable process dumping/ptrace via prctl.
framework/py/flwr/supercore/cli/flower_superexec.py Invokes the new utility at SuperExec startup.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread framework/py/flwr/supercore/utils.py
Comment thread framework/py/flwr/supercore/utils.py
Comment thread framework/py/flwr/supercore/utils.py
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bf1d27b1c9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread framework/py/flwr/supercore/cli/flower_superexec.py
@github-actions github-actions Bot added the Maintainer Used to determine what PRs (mainly) come from Flower maintainers. label Apr 11, 2026
@danieljanes danieljanes enabled auto-merge (squash) April 11, 2026 16:37
@danieljanes danieljanes merged commit e1e7863 into main Apr 11, 2026
72 of 79 checks passed
@danieljanes danieljanes deleted the disable-proc-dump branch April 11, 2026 17:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Maintainer Used to determine what PRs (mainly) come from Flower maintainers.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants