From patchwork Fri Aug 18 20:22:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16045 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 9329627BBE9; Fri, 18 Aug 2023 21:24:34 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 1199D27BBE2 for ; Fri, 18 Aug 2023 21:24:33 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60p-0008RT-8s; Fri, 18 Aug 2023 16:24:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60n-0008Qj-GS for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:01 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60n-0008FV-92 for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60n-0006ey-Qq for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 1/6] tests: add extra-ports.sh test. References: <20230811090352.3572-1-striness@tilde.club> In-Reply-To: <20230811090352.3572-1-striness@tilde.club> Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239018225451 (code B ref 65221); Fri, 18 Aug 2023 20:24:01 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:02 +0000 Received: from localhost ([127.0.0.1]:48881 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX5zq-0006cR-77 for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:02 -0400 Received: from tilde.club ([142.44.150.184]:46950 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX5zo-0006bv-EH for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:01 -0400 Received: by tilde.club (Postfix, from userid 5378) id CBC512250B9BD; Fri, 18 Aug 2023 20:22:58 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club CBC512250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390178; bh=M1guxpFVdxF/8sHdzbvplvOIyQlVxQ1fObnPTcoY/oE=; h=From:To:Cc:Subject:Date:From; b=sHP0JZ2b0S79xYhakbGDlJ5NgwE60Gy2ldDuRGbq19vCb25P81zD5eT8RMM7lXyt/ hKZ4yNWj5RpMGWiqB5nEtHngNGnZ7aCzW9uGPoheO77Tg1juYwx6z+Wqs+2jOlNobh xYG4+xJcns49yWZ8Cx4WL2I8cL6ItOoZfB8aFD8s= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:34 -0500 Message-Id: <20230818202239.21177-1-striness@tilde.club> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * tests/extra-ports.sh: new test. --- tests/extra-ports.sh | 76 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 tests/extra-ports.sh diff --git a/tests/extra-ports.sh b/tests/extra-ports.sh new file mode 100644 index 0000000..51b91b7 --- /dev/null +++ b/tests/extra-ports.sh @@ -0,0 +1,76 @@ +socket="t-socket-$$" +conf="t-conf-$$" +log="t-log-$$" +pid="t-pid-$$" +testfile1="t-testfile1-$$" +testfile2="t-testfile2-$$" +resultfile="t-resultfile-$$" + +herd="herd -s $socket" + +trap "cat $log || true; + rm -f $socket $conf $log $testfile1 $testfile2 $resultfile; + test -f $pid && kill \`cat $pid\` || true; rm -f $pid" EXIT + +printf "test1" > "$testfile1" +printf "test2" > "$testfile2" + +cat > "$conf"< (fileno a) + (fileno b)))))) + + (define command + (list + "sh" + "-c" + (string-append + "set -x;" + " cat >> ${resultfile}.tmp <&" (number->string + (fileno test1)) + "; cat >> ${resultfile}.tmp <&" (number->string + (fileno test2)) + "; mv ${resultfile}.tmp ${resultfile}"))) + + (fork+exec-command command + #:extra-ports + ports + #:directory + "$(pwd)")))))) + #:stop (const #f) + #:respawn? #f))) +EOF + +rm -f "$pid" +shepherd -I -s "$socket" -c "$conf" -l "$log" --pid="$pid" & + +while ! test -f "$pid" ; do sleep 0.3 ; done + +shepherd_pid="`cat $pid`" +kill -0 $shepherd_pid + +$herd start test-extra-ports + +while ! test -f "$resultfile" ; do sleep 0.3 ; done + +result="$(cat $resultfile)" +test "$result" = "test1test2" -o "$result" = "test2test1" From patchwork Fri Aug 18 20:22:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16046 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 403C227BBE9; Fri, 18 Aug 2023 21:24:41 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id C377527BBE2 for ; Fri, 18 Aug 2023 21:24:38 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60p-0008Rk-CU; Fri, 18 Aug 2023 16:24:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60n-0008Qt-Uj for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:01 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60n-0008Fd-Mk for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60o-0006f6-8z for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 2/6] service: don't let earlier ports clobber later ones in EXTRA-PORTS. Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239019125491 (code B ref 65221); Fri, 18 Aug 2023 20:24:02 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:11 +0000 Received: from localhost ([127.0.0.1]:48884 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX5zy-0006d4-JG for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:11 -0400 Received: from tilde.club ([2607:5300:204:4340::114]:42128 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX5zx-0006cx-5I for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:09 -0400 Received: by tilde.club (Postfix, from userid 5378) id 2C5C82250B9BD; Fri, 18 Aug 2023 20:23:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club 2C5C82250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390188; bh=yVbrYz9EJGJTmXLpYaMy+ky6PEx2qQ28zUuECdILUpU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GCuxMvwcbX7UAaYBTSJkbjretG+IqSNk8X4esm2PPmDkTbYMdwKykibyqXcE3BOLx xthTZh0BlZA1wF8mPTDRwfhgRyB/kismThypwkNPyXgNXDuYsBzDZFXFuZdjWTXKtX zh47eJ7EFikXFF7A4Ue5pyvLmwsXQQ8WOlq4RDyE= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:35 -0500 Message-Id: <20230818202239.21177-2-striness@tilde.club> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818202239.21177-1-striness@tilde.club> References: <20230818202239.21177-1-striness@tilde.club> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches In some situations, EXTRA-PORTS may not work as described, because it copies file descriptor contents in an arbitrary order. For example, suppose that (map fileno EXTRA-PORTS) is (7 6 5 4 3). If the underlying file originally stored in fd N is represented by F(N), it will assign 3 <-- F(7) 4 <-- F(6) 5 <-- F(5) 6 <-- F(6) 7 <-- F(7) In other words, the copying of earlier FDs in EXTRA-PORTS may overwrite later FDs in EXTRA-PORTS. Because the process of properly and safely copying those FDs involves some complexity, we've split it into a separate procedure named PRESERVE-PORTS. * modules/shepherd/service.scm (reconfigure-ports): new procedure. (exec-command): use it. --- modules/shepherd/service.scm | 154 +++++++++++++++++++++++++---------- 1 file changed, 113 insertions(+), 41 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 68553d4..68993ac 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1434,6 +1434,88 @@ FILE." (list->vector (map (lambda (group) (group:gid (getgr group))) supplementary-groups))) +(define* (reconfigure-fds ports-or-fds #:optional (base 0)) + "Duplicate the FDs (fd0 fd1 ... fdN) corresponding to the N ports or FDs in +EXTRA-PORTS into the FD range (0 1 ... N), clearing their FD_CLOEXEC flag at +the same time. This will work regardless of the numeric values of fd1 +... fdN. File descriptors outside of the range 0..N will not be affected. +This may fail if there are zero unused file descriptors." + ;; If we view each FD as a node, and fd n at index k of FDS as an edge from + ;; fd n to fd k, then we have a rather special type of graph. Because of + ;; how the edges must be specified, it has the property that no node can + ;; have more than one parent, like a tree, but unlike a tree it is possible + ;; to have cycles (combined with the prior restriction, this means a given + ;; node can be part of at most one cycle). I don't know of a good name for + ;; that kind of graph - maybe "rootless tree"? Anyway, our approach is to, + ;; for each unique FD in FDS, do a traversal that both finds the cyclic + ;; path, if it exists, and sets every FD that isn't part of the cycle, then + ;; finally resolve the cycle using a temporary fd. + + (define fds (map (lambda (x) + (if (port? x) (fileno x) x)) + ports-or-fds)) + (define max-fd (apply max 0 fds)) + (define fd->targets + (let ((vec (make-vector (+ 1 max-fd) '()))) + (for-each (lambda (source-fd dest-fd) + (vector-set! vec source-fd + (cons dest-fd + (vector-ref vec source-fd)))) + fds + (iota (length fds) base)) + vec)) + (define visited (make-vector (+ 1 max-fd) #f)) + + (define (rotate-fds! fds) + ;; (fdval1 fdval2 fdval3) --> (fdval3 fdval1 fdval2) + (match (reverse fds) + ((fd0) + ;; Clear close-on-exec flag as if it were dup2'ed. + (fcntl fd0 F_SETFD 0)) + ((fd0 . (and rest (fd1 . _))) + (let ((tmp-fd (dup->fdes fd0))) + (let loop ((fds rest) + (prev fd0)) + (match fds + ((fd . rest) + (dup2 fd prev) + (loop rest fd)) + (() + (dup2 tmp-fd prev) + (close-fdes tmp-fd)))))))) + + (define (top-visit fd) + (let ((cycle (visit fd fd))) + (when cycle + (rotate-fds! cycle)))) + + (define (visit fd cycle-start-fd) + (if (vector-ref visited fd) + #f + (begin + (vector-set! visited fd #t) + (let loop ((targets (vector-ref fd->targets fd)) + (cycle-tail #f)) + (match targets + ((target . rest) + (cond + ((= target cycle-start-fd) + (loop rest (list fd))) + ((> target max-fd) ;; Has no targets, no need to visit. + (dup2 fd target) + (loop rest cycle-tail)) + (else + (let ((maybe-cycle-tail (visit target cycle-start-fd))) + (if maybe-cycle-tail + (loop rest (cons fd maybe-cycle-tail)) + (begin + (dup2 fd target) + (loop rest cycle-tail))))))) + (() + cycle-tail)))))) + + (for-each top-visit fds)) + (define* (exec-command command #:key (user #f) @@ -1479,48 +1561,38 @@ false." (chdir directory) (environ environment-variables) - ;; Close all the file descriptors except stdout and stderr. - (let ((max-fd (max-file-descriptors))) + ;; Redirect stdin. + (catch-system-error (close-fdes 0)) + ;; Make sure file descriptor zero is used, so we don't end up reusing + ;; it for something unrelated, which can confuse some packages. + (dup2 (if input-port + (fileno input-port) + (open-fdes "/dev/null" O_RDONLY)) + 0) - ;; Redirect stdin. - (catch-system-error (close-fdes 0)) - ;; Make sure file descriptor zero is used, so we don't end up reusing - ;; it for something unrelated, which can confuse some packages. - (dup2 (if input-port - (fileno input-port) - (open-fdes "/dev/null" O_RDONLY)) - 0) + (when (or log-port log-file) + (catch #t + (lambda () + ;; Redirect stdout and stderr to use LOG-FILE. + (catch-system-error (close-fdes 1)) + (catch-system-error (close-fdes 2)) + (dup2 (if log-file + (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND) + #o640) + (fileno log-port)) + 1) + (dup2 1 2) + + ;; Make EXTRA-PORTS available starting from file descriptor 3. + ;; This clears their FD_CLOEXEC flag. + (reconfigure-fds extra-ports 3)) - (when (or log-port log-file) - (catch #t - (lambda () - ;; Redirect stout and stderr to use LOG-FILE. - (catch-system-error (close-fdes 1)) - (catch-system-error (close-fdes 2)) - (dup2 (if log-file - (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND) - #o640) - (fileno log-port)) - 1) - (dup2 1 2) - - ;; Make EXTRA-PORTS available starting from file descriptor 3. - ;; This clears their FD_CLOEXEC flag. - (let loop ((fd 3) - (ports extra-ports)) - (match ports - (() #t) - ((port rest ...) - (catch-system-error (close-fdes fd)) - (dup2 (fileno port) fd) - (loop (+ 1 fd) rest))))) - - (lambda (key . args) - (when log-file - (format (current-error-port) - "failed to open log-file ~s:~%" log-file)) - (print-exception (current-error-port) #f key args) - (primitive-exit 1)))) + (lambda (key . args) + (when log-file + (format (current-error-port) + "failed to open log-file ~s:~%" log-file)) + (print-exception (current-error-port) #f key args) + (primitive-exit 1)))) ;; setgid must be done *before* setuid, otherwise the user will ;; likely no longer have permissions to setgid. @@ -1558,7 +1630,7 @@ false." (format (current-error-port) "exec of ~s failed: ~a~%" program (strerror (system-error-errno args))) - (primitive-exit 1))))))) + (primitive-exit 1)))))) (define %precious-signals ;; Signals that the shepherd process handles. From patchwork Fri Aug 18 20:22:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16042 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 09D6027BBE2; Fri, 18 Aug 2023 21:24:15 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 489EE27BBEA for ; Fri, 18 Aug 2023 21:24:12 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60q-0008Sg-TF; Fri, 18 Aug 2023 16:24:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60o-0008R1-Cu for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60o-0008Fm-4U for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60o-0006fD-Mf for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 3/6] Makefile.am: enable extra-ports.sh test. Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239020025514 (code B ref 65221); Fri, 18 Aug 2023 20:24:02 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:20 +0000 Received: from localhost ([127.0.0.1]:48887 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX608-0006dS-7W for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:20 -0400 Received: from tilde.club ([142.44.150.184]:37562 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX606-0006dJ-4p for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:18 -0400 Received: by tilde.club (Postfix, from userid 5378) id 2F3C52250B9BD; Fri, 18 Aug 2023 20:23:17 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club 2F3C52250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390197; bh=15inucqCXJOM3Zr0PIMqzeh5NP35V+VYnLYgi8mrMqA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IsnCzQHmKotYUuuvPzqbqA7H4YPN/Eooh9vCabhWelBO2cjHE6WiTsabq8o+nR4cc NlbtDmN3lX2BGpzpSWJgvVfsVovMjiiwhzHnughhzJj050ITh/cVuxxU0v5Oq8sBJI u4D24/9dqcPRATOVLIPkO5sd5C72SAfUdqDkVfZM= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:36 -0500 Message-Id: <20230818202239.21177-3-striness@tilde.club> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818202239.21177-1-striness@tilde.club> References: <20230818202239.21177-1-striness@tilde.club> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * Makefile.am (TESTS): add tests/extra-ports.sh --- Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index fdfcf3d..b2ce46b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -271,7 +271,8 @@ TESTS = \ tests/daemonize.sh \ tests/eval-load.sh \ tests/services/monitoring.sh \ - tests/services/repl.sh + tests/services/repl.sh \ + tests/extra-ports.sh TEST_EXTENSIONS = .sh EXTRA_DIST += $(TESTS) From patchwork Fri Aug 18 20:22:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16044 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 693E227BBE9; Fri, 18 Aug 2023 21:24:34 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4908827BBEA for ; Fri, 18 Aug 2023 21:24:33 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60p-0008S7-Oo; Fri, 18 Aug 2023 16:24:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60o-0008R9-NC for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60o-0008Ft-FI for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60p-0006fK-1d for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 4/6] service: honor EXTRA-PORTS regardless of log-port and log-file. Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239020825535 (code B ref 65221); Fri, 18 Aug 2023 20:24:03 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:28 +0000 Received: from localhost ([127.0.0.1]:48890 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60G-0006dm-I6 for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:28 -0400 Received: from tilde.club ([2607:5300:204:4340::114]:42482 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60F-0006df-BH for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:27 -0400 Received: by tilde.club (Postfix, from userid 5378) id 5BAD12250B9BD; Fri, 18 Aug 2023 20:23:26 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club 5BAD12250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390206; bh=3rHs921OPchPGGiUp/5LSeroI6rTTXbVTIfdaf0X9S4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Oc3Fb9fvKg16A5ha2ggqgbRV4F+llMgXBck6nXxpOiwcIa104tVZINo5qE67b4at8 TRUn9btiFuYDCrU/HjN9lDymxqTuAyZOxtivvtsAJW+D60c5oTxO3pF3BhNvh0Dmib eN2pg8nlnJvjvImrJC3VWR96jVe4Knmnrvq7W280= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:37 -0500 Message-Id: <20230818202239.21177-4-striness@tilde.club> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818202239.21177-1-striness@tilde.club> References: <20230818202239.21177-1-striness@tilde.club> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches EXTRA-PORTS is only honored when either LOG-PORT or LOG-FILE is passed. I have no idea why this is the case, it isn't documented anywhere, and it isn't intuitive. * modules/shepherd/service.scm (exec-command): Move preserve-ports call outside of condition. --- modules/shepherd/service.scm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 68993ac..e816cd1 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1581,11 +1581,7 @@ false." #o640) (fileno log-port)) 1) - (dup2 1 2) - - ;; Make EXTRA-PORTS available starting from file descriptor 3. - ;; This clears their FD_CLOEXEC flag. - (reconfigure-fds extra-ports 3)) + (dup2 1 2)) (lambda (key . args) (when log-file @@ -1594,6 +1590,10 @@ false." (print-exception (current-error-port) #f key args) (primitive-exit 1)))) + ;; Make EXTRA-PORTS available starting from file descriptor 3. + ;; This clears their FD_CLOEXEC flag. + (reconfigure-fds extra-ports 3) + ;; setgid must be done *before* setuid, otherwise the user will ;; likely no longer have permissions to setgid. (when group From patchwork Fri Aug 18 20:22:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16041 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C722E27BBEC; Fri, 18 Aug 2023 21:24:12 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id BE3B627BBE2 for ; Fri, 18 Aug 2023 21:24:11 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60s-0008T6-00; Fri, 18 Aug 2023 16:24:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60p-0008RL-3y for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60o-0008G3-SG for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60p-0006fS-EO for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 5/6] service: use RECONFIGURE-FDS for redirecting FDs 0-2. Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239021925558 (code B ref 65221); Fri, 18 Aug 2023 20:24:03 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:39 +0000 Received: from localhost ([127.0.0.1]:48893 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60Q-0006eA-TF for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:39 -0400 Received: from tilde.club ([2607:5300:204:4340::114]:43580 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60O-0006e2-MI for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:37 -0400 Received: by tilde.club (Postfix, from userid 5378) id AD3822250B9BD; Fri, 18 Aug 2023 20:23:35 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club AD3822250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390215; bh=lh+5H7R4WVDYzZjyh6yO9P0SCUKXn1IQbukNEpklb18=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=in7GRTY2fnH2Mt9TX87ssXX89bcnGLRY7wOUV1xdvb3hKTYCbl9l6h6YerBvTPu8c c+nFiygjqIT6u0UYNF1n6xhZDujU+GtFCxrNgWM5cEFhkoie/u0bR/XkHymDwrOYv2 z0I7YHaEBgaGkqBcL/SH6zvpw9DaB4PAknGPsHhk= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:38 -0500 Message-Id: <20230818202239.21177-5-striness@tilde.club> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818202239.21177-1-striness@tilde.club> References: <20230818202239.21177-1-striness@tilde.club> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches There are currently some corner cases in how EXTRA-PORTS works due to it not managing FDs 0, 1, and 2. Specifically, if one were to include a port in EXTRA-PORTS with FD 0, 1, or 2, it would *not* be preserved, and would instead represent the file that EXEC-COMMAND assigned to that file descriptor. To avoid this, it's necessary to call RECONFIGURE-FDS *before* redirecting the input, but this could clobber LOG-PORT or INPUT-PORT, so it would become necessary to include LOG-PORT and INPUT-PORT in the call to RECONFIGURE-FDS, then do the redirection using the new FD assignment, then close them. This complication can be avoided if we simply let RECONFIGURE-FDS itself do the redirection. This also solves other edge cases, like if LOG-PORT has fileno 0 or 1 (previously passing a LOG-PORT of (current-output-port) would cause an error, as the underlying file descriptor would be closed before dup2 was called to copy it), or if INPUT-PORT has fileno 0. To solve this, we have RECONFIGURE-FDS start the range it copies into at 0 instead of 3. We then explicitly pass the desired standard I/O FDs / ports at the front of the list passed to RECONFIGURE-FDS. We also use O_CLOEXEC for opening /dev/null and the log file so that the file descriptors they are originally opened on don't hang around. * modules/shepherd/service.scm (exec-command): use RECONFIGURE-FDS for redirecting FDs 0, 1, and 2. --- modules/shepherd/service.scm | 62 +++++++++++++++++------------------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index e816cd1..3008e31 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1561,38 +1561,36 @@ false." (chdir directory) (environ environment-variables) - ;; Redirect stdin. - (catch-system-error (close-fdes 0)) - ;; Make sure file descriptor zero is used, so we don't end up reusing - ;; it for something unrelated, which can confuse some packages. - (dup2 (if input-port - (fileno input-port) - (open-fdes "/dev/null" O_RDONLY)) - 0) - - (when (or log-port log-file) - (catch #t - (lambda () - ;; Redirect stdout and stderr to use LOG-FILE. - (catch-system-error (close-fdes 1)) - (catch-system-error (close-fdes 2)) - (dup2 (if log-file - (open-fdes log-file (logior O_CREAT O_WRONLY O_APPEND) - #o640) - (fileno log-port)) - 1) - (dup2 1 2)) - - (lambda (key . args) - (when log-file - (format (current-error-port) - "failed to open log-file ~s:~%" log-file)) - (print-exception (current-error-port) #f key args) - (primitive-exit 1)))) - - ;; Make EXTRA-PORTS available starting from file descriptor 3. - ;; This clears their FD_CLOEXEC flag. - (reconfigure-fds extra-ports 3) + (let* ( ;; Make sure file descriptor zero is used, so we don't end up reusing + ;; it for something unrelated, which can confuse some packages. + (stdin (or input-port (open-fdes "/dev/null" + (logior O_RDONLY + O_CLOEXEC)))) + (stdout (catch #t + (lambda () + (or log-port + (and log-file + (open-fdes log-file + (logior O_CREAT O_WRONLY O_APPEND + O_CLOEXEC) + #o640)) + 1)) + (lambda (key . args) + (when log-file + (format (current-error-port) + "failed to open log-file ~s:~%" log-file)) + (print-exception (current-error-port) #f key args) + (primitive-exit 1)))) + (stderr (if (or log-port log-file) + stdout + 2)) + (all-fds (+ 3 (length extra-ports)))) + ;; Make EXTRA-PORTS available starting from file descriptor 3. + ;; This clears their FD_CLOEXEC flag. + (reconfigure-fds (cons* stdin + stdout + stderr + extra-ports))) ;; setgid must be done *before* setuid, otherwise the user will ;; likely no longer have permissions to setgid. From patchwork Fri Aug 18 20:22:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ulfvonbelow X-Patchwork-Id: 16043 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 4A77027BBEA; Fri, 18 Aug 2023 21:24:18 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 80AA627BBE2 for ; Fri, 18 Aug 2023 21:24:17 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX60q-0008SW-O7; Fri, 18 Aug 2023 16:24:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qX60p-0008Rw-Ft for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1qX60p-0008GB-7p for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1qX60p-0006fZ-QR for guix-patches@gnu.org; Fri, 18 Aug 2023 16:24:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#65221] [PATCH 6/6] service: exec-command: close other file descriptors by default. Resent-From: ulfvonbelow Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 18 Aug 2023 20:24:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 65221 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 65221@debbugs.gnu.org Cc: ulfvonbelow Received: via spool by 65221-submit@debbugs.gnu.org id=B65221.169239022825581 (code B ref 65221); Fri, 18 Aug 2023 20:24:03 +0000 Received: (at 65221) by debbugs.gnu.org; 18 Aug 2023 20:23:48 +0000 Received: from localhost ([127.0.0.1]:48896 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60a-0006eX-D8 for submit@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:48 -0400 Received: from tilde.club ([2607:5300:204:4340::114]:54574 ident=postfix) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qX60Y-0006eO-2x for 65221@debbugs.gnu.org; Fri, 18 Aug 2023 16:23:46 -0400 Received: by tilde.club (Postfix, from userid 5378) id 1BFBD2250B9BD; Fri, 18 Aug 2023 20:23:45 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 tilde.club 1BFBD2250B9BD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tilde.club; s=mail; t=1692390225; bh=ZgBbQs28uqvNpr/4pc3fFoWaeSblYKOh4Iz3s/RVLNc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BnuTFdUqnnkLyM2Rg0Z1zHXgooAFR7OW1Et5Lk8PP4PWKcR8e6jzXvAkh6+Fk+v1M 8fLM2nrB+c/1fOY0bgqfc5+gv3h1xCvLCNrkIL6t7ofxPwoNli3k/tLiwmFc2y35dW /i0z6CJvzAowQlbo5/9PiRCv/MK+clR2rtVwoQoI= From: ulfvonbelow Date: Fri, 18 Aug 2023 15:22:39 -0500 Message-Id: <20230818202239.21177-6-striness@tilde.club> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230818202239.21177-1-striness@tilde.club> References: <20230818202239.21177-1-striness@tilde.club> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches If EXTRA-PORTS is given, no strong guarantee about which, if any, other file descriptors will remain open can be made anyhow. Better to err on the side of caution in that case and close them. If EXTRA-PORTS isn't given, we can either close all non-standard file descriptors or none of them. The former I've decided to represent with the empty list, and the latter with #t (as in "which extra ports do you want? ... Yes"). We choose '() for the default because 1. It's already the default value. 2. It's hard to imagine a use case that depends on EXTRA-PORTS being explicitly given, but additional unspecified file descriptors also being available, since that has never worked and in the general case never can, short of manually duplicating ports to high file descriptors. 3. It's hard to imagine a use case that depends on EXTRA-PORTS not being given and additional unspecified file descriptors also being available, since until 0.9.2 this didn't work, and 4. It's the documented behavior, both in EXEC-COMMAND's docstring and in the manual. 5. It's how guile's system* behaves, and this makes our transparent replacement a closer match. 6. It errs on the side of security. While *_CLOEXEC is good practice and a quality second layer of defense against unintentional leaking of file descriptors, it requires all fd-opening to be done very carefully in a concurrent context. Understanding everything that can and can't be a yield point requires a nontrivial understanding of both shepherd and fibers. For example, at present, on systems without signalfd support, *anything* where asyncs can run can be a yield point, due to the fact that the SIGCHLD handler calls put-message. --- modules/shepherd/service.scm | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 3008e31..924cbfe 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -1537,7 +1537,8 @@ either LOG-PORT or LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to INPUT-PORT or /dev/null. EXTRA-PORTS are made available starting from file descriptor 3 onwards; all -other file descriptors are closed prior to yielding control to COMMAND. When +other file descriptors are closed prior to yielding control to COMMAND, unless +EXTRA-PORTS is #t, in which case no file descriptors are closed. When CREATE-SESSION? is true, call 'setsid' first. Guile's SETRLIMIT procedure is applied on the entries in RESOURCE-LIMITS. For @@ -1590,7 +1591,17 @@ false." (reconfigure-fds (cons* stdin stdout stderr - extra-ports))) + (if (list? extra-ports) + extra-ports + '()))) + (unless (eq? extra-ports #t) + (let ((max-fds-count (max-file-descriptors))) + (let loop ((fd (+ 3 (length extra-ports)))) + (when (< fd max-fds-count) + ;; Use FD_CLOEXEC instead of close-fdes so fd finalizers don't + ;; run. + (catch-system-error (fcntl fd F_SETFD FD_CLOEXEC)) + (loop (+ fd 1))))))) ;; setgid must be done *before* setuid, otherwise the user will ;; likely no longer have permissions to setgid.