@@ -29,26 +29,31 @@ pub(crate) fn setup_signal_handlers(config: &SandboxConfiguration) -> crate::Res
2929 // should be safe to call.
3030 #[ cfg( feature = "seccomp" ) ]
3131 {
32+ use std:: sync:: Once ;
33+
3234 vmm_sys_util:: signal:: register_signal_handler (
3335 libc:: SIGSYS ,
3436 sigsys_signal_handler:: handle_sigsys,
3537 )
3638 . map_err ( crate :: HyperlightError :: VmmSysError ) ?;
3739
38- let original_hook = std:: panic:: take_hook ( ) ;
39- // Set a custom panic hook that checks for "DisallowedSyscall"
40- std:: panic:: set_hook ( Box :: new ( move |panic_info| {
41- // Check if the panic payload matches "DisallowedSyscall"
42- if let Some ( crate :: HyperlightError :: DisallowedSyscall ) = panic_info
43- . payload ( )
44- . downcast_ref :: < crate :: HyperlightError > (
45- ) {
46- // Do nothing to avoid superfluous syscalls
47- return ;
48- }
49- // If not "DisallowedSyscall", use the original hook
50- original_hook ( panic_info) ;
51- } ) ) ;
40+ static PANIC_HOOK_INIT : Once = Once :: new ( ) ;
41+ PANIC_HOOK_INIT . call_once ( || {
42+ let original_hook = std:: panic:: take_hook ( ) ;
43+ // Set a custom panic hook that checks for "DisallowedSyscall"
44+ std:: panic:: set_hook ( Box :: new ( move |panic_info| {
45+ // Check if the panic payload matches "DisallowedSyscall"
46+ if let Some ( crate :: HyperlightError :: DisallowedSyscall ) = panic_info
47+ . payload ( )
48+ . downcast_ref :: < crate :: HyperlightError > (
49+ ) {
50+ // Do nothing to avoid superfluous syscalls
51+ return ;
52+ }
53+ // If not "DisallowedSyscall", use the original hook
54+ original_hook ( panic_info) ;
55+ } ) ) ;
56+ } ) ;
5257 }
5358 vmm_sys_util:: signal:: register_signal_handler (
5459 libc:: SIGRTMIN ( ) + config. get_interrupt_vcpu_sigrtmin_offset ( ) as c_int ,
0 commit comments