From patchwork Tue Mar 1 18:12:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Attila Lendvai X-Patchwork-Id: 37570 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 43DD127BBEA; Tue, 1 Mar 2022 18:19:18 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 9DE8C27BBE9 for ; Tue, 1 Mar 2022 18:19:17 +0000 (GMT) Received: from localhost ([::1]:33860 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nP75b-0002kV-9F for patchwork@mira.cbaines.net; Tue, 01 Mar 2022 13:19:16 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55280) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nP75S-0002js-3a for guix-patches@gnu.org; Tue, 01 Mar 2022 13:19:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:44263) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nP75R-0003Cd-Qm for guix-patches@gnu.org; Tue, 01 Mar 2022 13:19:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nP75R-0004Mb-Ms for guix-patches@gnu.org; Tue, 01 Mar 2022 13:19:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:19:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54215@debbugs.gnu.org Cc: Attila Lendvai X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.164615872616746 (code B ref -1); Tue, 01 Mar 2022 18:19:01 +0000 Received: (at submit) by debbugs.gnu.org; 1 Mar 2022 18:18:46 +0000 Received: from localhost ([127.0.0.1]:38160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75C-0004M2-8E for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:46 -0500 Received: from lists.gnu.org ([209.51.188.17]:52504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75A-0004Lu-2D for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:45 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55240) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nP755-0002hP-TJ for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:43 -0500 Received: from [2a00:1450:4864:20::332] (port=41896 helo=mail-wm1-x332.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nP754-0002te-2o for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:39 -0500 Received: by mail-wm1-x332.google.com with SMTP id a13-20020a05600c348d00b0038188b8bbf6so1726507wmq.0 for ; Tue, 01 Mar 2022 10:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=idtmgoRPStIOi0Fuv9pE5rkf+0gnib1GY3SZnpg70JZ2goq4yKe+grnxzLRa4GFAU/ 33Gq51/AF36XbcFNLosTKwJtwsTLKGEyvwQoRkhDHARwEH/K+brjjbJX96RaOxb2qo2T bn+HlIZvNgnqIVrDZ4vTNnv9DfFVqe0hPyAVIE2P/1w/g+C7OT6GU84k0+f9S85PuF/d BAW/M2j0cY89P1O7ajXoBHJH4oDjJK031a+iYUpbeQAKmWkPsKHJDkACjom6qpj+2kZB DiMcdw8IuaWqVXdux65+s3YXbCfpAemnqf/PacICDFv6YRdlHCh2Gk2jLhbBXuoNsWey et+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=yi/fLie8ZidcYM6/Yt55WvuBpqpILxWJ3e8N4o30mWrDoRLisAbsfZ87bRyP4TR/qn p24ypqt7szdjqqp3RsRNaYydk/Up1sBOOu4qGmKCxrwxc+el37lsh4ol2nF2oVR28p5o 9WxdT77oFhsHKuflIKPruWEuK5VILC7nT8EVYMfHjSubP/E9wweTBe5yAiVCCldcy+Go w/Nj+Tr/JVdRxBSvskbuhXKOPtYPn6S3ctxDyut72FWWBgLmxkSqWe5945pg1h0EthZM scLz+C0JBUGuUl1KwHXhrg0I7I8vP1yf0ZOchp47Us0jJWr8XADd7KTgKiLsEJF8MZ6c 8/fw== X-Gm-Message-State: AOAM5304Mhv0utw8fsGHEyjf1k+WSL6aCu7qhpxSrEAvZvLYyuLzLzj4 ZA61KAL9ju7LQZ90B9+Nw7ODW812zhs= X-Google-Smtp-Source: ABdhPJxfDaOUtGkF/owpGXmPaEjA6d005D9ZPfOwy0naavvp/Ik3TtUCcQEtnT4CCiThocYBTAzDbQ== X-Received: by 2002:a05:600c:1c84:b0:381:64f8:fd23 with SMTP id k4-20020a05600c1c8400b0038164f8fd23mr9188622wms.188.1646158716429; Tue, 01 Mar 2022 10:18:36 -0800 (PST) Received: from localhost.localdomain ([2a02:ab88:3710:7c80:9130:5abf:96b3:dc0c]) by smtp.gmail.com with ESMTPSA id n5-20020adffe05000000b001edf8fc0cc3sm14271808wrr.41.2022.03.01.10.18.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Mar 2022 10:18:35 -0800 (PST) From: Attila Lendvai Date: Tue, 1 Mar 2022 19:12:43 +0100 Message-Id: <20220301181242.18384-1-attila@lendvai.name> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::332 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::332; envelope-from=attila.lendvai@gmail.com; helo=mail-wm1-x332.google.com X-Spam_score_int: 0 X-Spam_score: -0.1 X-Spam_bar: / X-Spam_report: (-0.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, PDS_HP_HELO_NORDNS=0.659, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * modules/shepherd/service.scm (exec-command, fork+exec-command, make-forkexec-constructor): Add #:rlimits and honor it. Reorder keyword args where needed to be uniform. --- this patch supersedes my previous CALL-IN-FORK proposal: https://issues.guix.gnu.org/54205 i will either close that, or maybe do the internal refactor. we'll see. modules/shepherd/service.scm | 26 ++++++++++++++++++-------- tests/forking-service.sh | 15 +++++++++++++-- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index ad8608b..c6f0f4e 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -787,7 +787,8 @@ daemon writing FILE is running in a separate PID namespace." (directory (default-service-directory)) (file-creation-mask #f) (create-session? #t) - (environment-variables (default-environment-variables))) + (environment-variables (default-environment-variables)) + (rlimits '())) "Run COMMAND as the current process from DIRECTORY, with FILE-CREATION-MASK if it's true, and with ENVIRONMENT-VARIABLES (a list of strings like \"PATH=/bin\"). File descriptors 1 and 2 are kept as is or redirected to @@ -795,6 +796,9 @@ LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to /dev/null; all other file descriptors are closed prior to yielding control to COMMAND. When CREATE-SESSION? is true, call 'setsid' first. +Guile's SETRLIMIT function will be applied on the entries in RLIMITS. For +example a valid value would be '((nproc 10 100) (nofile 4096 4096)). + By default, COMMAND is run as the current user. If the USER keyword argument is present and not false, change to USER immediately before invoking COMMAND. USER may be a string, indicating a user name, or a @@ -808,6 +812,8 @@ false." ;; Programs such as 'mingetty' expect this. (setsid)) + (for-each (cut apply setrlimit <>) rlimits) + (chdir directory) (environ environment-variables) @@ -893,7 +899,8 @@ false." (file-creation-mask #f) (create-session? #t) (environment-variables - (default-environment-variables))) + (default-environment-variables)) + (rlimits '())) "Spawn a process that executed COMMAND as per 'exec-command', and return its PID." ;; Install the SIGCHLD handler if this is the first fork+exec-command call. @@ -924,7 +931,8 @@ its PID." #:directory directory #:file-creation-mask file-creation-mask #:create-session? create-session? - #:environment-variables environment-variables)) + #:environment-variables environment-variables + #:rlimits rlimits)) pid)))) (define* (make-forkexec-constructor command @@ -932,15 +940,16 @@ its PID." (user #f) (group #f) (supplementary-groups '()) + (log-file #f) (directory (default-service-directory)) - (environment-variables - (default-environment-variables)) (file-creation-mask #f) (create-session? #t) + (environment-variables + (default-environment-variables)) + (rlimits '()) (pid-file #f) (pid-file-timeout - (default-pid-file-timeout)) - (log-file #f)) + (default-pid-file-timeout))) "Return a procedure that forks a child process, closes all file descriptors except the standard output and standard error descriptors, sets the current directory to @var{directory}, sets the umask to @@ -978,7 +987,8 @@ start." #:file-creation-mask file-creation-mask #:create-session? create-session? #:environment-variables - environment-variables))) + environment-variables + #:rlimits rlimits))) (if pid-file (match (read-pid-file pid-file #:max-delay pid-file-timeout diff --git a/tests/forking-service.sh b/tests/forking-service.sh index bd9aac9..a745bf4 100644 --- a/tests/forking-service.sh +++ b/tests/forking-service.sh @@ -25,6 +25,7 @@ conf="t-conf-$$" log="t-log-$$" pid="t-pid-$$" service_pid="t-service-pid-$$" +service_nofiles="t-service-nofiles-$$" service2_pid="t-service2-pid-$$" service2_started="t-service2-starts-$$" @@ -49,14 +50,15 @@ cat > "$conf"< $PWD/$service_pid")) + '("$SHELL" "-c" "ulimit -n >$PWD/$service_nofiles; sleep 600 & echo \$! > $PWD/$service_pid")) (register-services (make ;; A service that forks into a different process. #:provides '(test) #:start (make-forkexec-constructor %command - #:pid-file "$PWD/$service_pid") + #:pid-file "$PWD/$service_pid" + #:rlimits '((nofile 1567 1567))) #:stop (make-kill-destructor) #:respawn? #f)) @@ -125,6 +127,15 @@ $herd status test2 | grep started test "`cat $PWD/$service2_started`" = "started started" + + +# test if nofiles was set properly +test -f "$service_nofiles" +nofiles_value="`cat $service_nofiles`" +test 1567 -eq $nofiles_value + + + # Try to trigger eventual race conditions, when killing a process between fork # and execv calls. for i in `seq 1 50`