Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

catatoinit: close fds >= 3 #14

Merged
merged 1 commit into from
Sep 15, 2021
Merged

catatoinit: close fds >= 3 #14

merged 1 commit into from
Sep 15, 2021

Conversation

giuseppe
Copy link
Contributor

@giuseppe giuseppe commented Sep 2, 2021

close any additional fd that was already leaked into the child
process.

Closes: #12

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

@giuseppe giuseppe marked this pull request as draft September 2, 2021 12:30
alexlarsson
alexlarsson reviewed Sep 2, 2021
View reviewed changes
catatonit.c Outdated Show resolved Hide resolved
@giuseppe giuseppe force-pushed the close-fds-ge-than-3 branch from 6ba3b11 to 733c5b3 Compare September 2, 2021 12:45
alexlarsson
alexlarsson reviewed Sep 2, 2021
View reviewed changes
catatonit.c Outdated Show resolved Hide resolved
@giuseppe giuseppe force-pushed the close-fds-ge-than-3 branch from 733c5b3 to 0b81b8b Compare September 2, 2021 12:46
@giuseppe giuseppe marked this pull request as ready for review September 2, 2021 12:47
alexlarsson
alexlarsson reviewed Sep 2, 2021
View reviewed changes
catatonit.c Outdated Show resolved Hide resolved
@giuseppe giuseppe force-pushed the close-fds-ge-than-3 branch 2 times, most recently from 047ac8e to c4563e1 Compare September 2, 2021 13:00
@giuseppe giuseppe force-pushed the close-fds-ge-than-3 branch from c4563e1 to 1ecdb97 Compare September 2, 2021 13:18
@alexlarsson
Copy link

lgtm

@giuseppe
Copy link
Contributor Author

@cyphar are you fine with this change?

cyphar
cyphar requested changes Sep 15, 2021
View reviewed changes
catatonit.c Outdated Show resolved Hide resolved
catatonit.c Outdated Show resolved Hide resolved
catatonit.c Outdated Show resolved Hide resolved
catatonit.c Outdated Show resolved Hide resolved
catatonit.c Outdated
@@ -361,6 +439,8 @@ int main(int argc, char **argv)
bail("self-check that pid1 (%d) was spawned failed: %m", pid1);
debug("pid1 (%d) spawned: %s", pid1, argv[0]);

close_fds_ge_than(3, sfd);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We obviously shouldn't bail here, but some kind of debug output if closing failed wouldn't hurt.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is already a warn for each close() that fails in the fallback code. Should we add another warn here?

Copy link
Member

@cyphar cyphar Sep 15, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If close_range() is supported you wouldn't get any indication the close failed right? It could just be a debug message so you don't get duplicate warnings.

EDIT: Actually maybe the warning for each fd should be a debug message, and a warning from calling this just to make the warnings consistent.

@cyphar
Copy link
Member

cyphar commented Sep 15, 2021
edited
Loading

Sorry, for some reason I didn't see this -- I think GitHub has given up on showing me new notifications from smaller repos. 😬

EDIT: Oh, for some reason my watch notifications for this repo weren't set to "everything". Sorry about that...

@giuseppe
Copy link
Contributor Author

Sorry, for some reason I didn't see this -- I think GitHub has given up on showing me new notifications from smaller repos. grimacing

EDIT: Oh, for some reason my watch notifications for this repo weren't set to "everything". Sorry about that...

no worries! Thanks for the review.

I've added a check for close_range in configure.ac and go through the syscall only when it is noy already defined in the standard library.

I've tested both build modes on Fedora 34, where close_range() is not available, and on Fedora Rawhide where it is defined.

cyphar
cyphar reviewed Sep 15, 2021
View reviewed changes
catatonit.c Outdated Show resolved Hide resolved
@cyphar cyphar mentioned this pull request Sep 15, 2021
Merged
@giuseppe
catatoinit: close fds >= 3
9c60e7d 
close any additional fd that was already leaked into the child
process.

Closes: openSUSE#12

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
cyphar
cyphar approved these changes Sep 15, 2021
View reviewed changes
Copy link
Member

@cyphar cyphar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@cyphar
Copy link
Member

cyphar commented Sep 15, 2021
edited
Loading

Ah I just noticed an embarrassing bug while testing this -- catatonit doesn't set the /dev/tty handle to O_CLOEXEC when foregrounding the child process. Will fix that too...

@cyphar cyphar merged commit 0d74f13 into openSUSE:master Sep 15, 2021
@cyphar cyphar mentioned this pull request Nov 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexlarsson alexlarsson alexlarsson left review comments

@cyphar cyphar cyphar approved these changes

Assignees
No one assigned
Labels
lgtm/need 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Babysitter doesn't close fds
3 participants
@giuseppe @alexlarsson @cyphar