libutil: make Pid -> pid_t operations explicit
Change-Id: I3137cc140590001fe7ba542844e735944a0a9255
This commit is contained in:
parent
a9949f4760
commit
b43a2e84c4
6 changed files with 13 additions and 18 deletions
|
@ -378,7 +378,7 @@ RunPager::RunPager()
|
||||||
RunPager::~RunPager()
|
RunPager::~RunPager()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
if (pid != -1) {
|
if (pid) {
|
||||||
std::cout.flush();
|
std::cout.flush();
|
||||||
dup2(std_out, STDOUT_FILENO);
|
dup2(std_out, STDOUT_FILENO);
|
||||||
pid.wait();
|
pid.wait();
|
||||||
|
|
|
@ -79,7 +79,7 @@ HookInstance::~HookInstance()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
toHook.writeSide.reset();
|
toHook.writeSide.reset();
|
||||||
if (pid != -1) pid.kill();
|
if (pid) pid.kill();
|
||||||
} catch (...) {
|
} catch (...) {
|
||||||
ignoreException();
|
ignoreException();
|
||||||
}
|
}
|
||||||
|
|
|
@ -137,7 +137,7 @@ LocalStore & LocalDerivationGoal::getLocalStore()
|
||||||
|
|
||||||
void LocalDerivationGoal::killChild()
|
void LocalDerivationGoal::killChild()
|
||||||
{
|
{
|
||||||
if (pid != -1) {
|
if (pid) {
|
||||||
worker.childTerminated(this);
|
worker.childTerminated(this);
|
||||||
|
|
||||||
/* If we're using a build user, then there is a tricky race
|
/* If we're using a build user, then there is a tricky race
|
||||||
|
@ -145,7 +145,7 @@ void LocalDerivationGoal::killChild()
|
||||||
done its setuid() to the build user uid, then it won't be
|
done its setuid() to the build user uid, then it won't be
|
||||||
killed, and we'll potentially lock up in pid.wait(). So
|
killed, and we'll potentially lock up in pid.wait(). So
|
||||||
also send a conventional kill to the child. */
|
also send a conventional kill to the child. */
|
||||||
::kill(-pid, SIGKILL); /* ignore the result */
|
::kill(-pid.get(), SIGKILL); /* ignore the result */
|
||||||
|
|
||||||
killSandbox(true);
|
killSandbox(true);
|
||||||
|
|
||||||
|
@ -961,13 +961,13 @@ void LocalDerivationGoal::startBuilder()
|
||||||
uid_t hostGid = buildUser ? buildUser->getGID() : getgid();
|
uid_t hostGid = buildUser ? buildUser->getGID() : getgid();
|
||||||
uid_t nrIds = buildUser ? buildUser->getUIDCount() : 1;
|
uid_t nrIds = buildUser ? buildUser->getUIDCount() : 1;
|
||||||
|
|
||||||
writeFile("/proc/" + std::to_string(pid) + "/uid_map",
|
writeFile("/proc/" + std::to_string(pid.get()) + "/uid_map",
|
||||||
fmt("%d %d %d", sandboxUid(), hostUid, nrIds));
|
fmt("%d %d %d", sandboxUid(), hostUid, nrIds));
|
||||||
|
|
||||||
if (!buildUser || buildUser->getUIDCount() == 1)
|
if (!buildUser || buildUser->getUIDCount() == 1)
|
||||||
writeFile("/proc/" + std::to_string(pid) + "/setgroups", "deny");
|
writeFile("/proc/" + std::to_string(pid.get()) + "/setgroups", "deny");
|
||||||
|
|
||||||
writeFile("/proc/" + std::to_string(pid) + "/gid_map",
|
writeFile("/proc/" + std::to_string(pid.get()) + "/gid_map",
|
||||||
fmt("%d %d %d", sandboxGid(), hostGid, nrIds));
|
fmt("%d %d %d", sandboxGid(), hostGid, nrIds));
|
||||||
} else {
|
} else {
|
||||||
debug("note: not using a user namespace");
|
debug("note: not using a user namespace");
|
||||||
|
@ -990,19 +990,19 @@ void LocalDerivationGoal::startBuilder()
|
||||||
|
|
||||||
/* Save the mount- and user namespace of the child. We have to do this
|
/* Save the mount- and user namespace of the child. We have to do this
|
||||||
*before* the child does a chroot. */
|
*before* the child does a chroot. */
|
||||||
sandboxMountNamespace = AutoCloseFD{open(fmt("/proc/%d/ns/mnt", (pid_t) pid).c_str(), O_RDONLY)};
|
sandboxMountNamespace = AutoCloseFD{open(fmt("/proc/%d/ns/mnt", pid.get()).c_str(), O_RDONLY)};
|
||||||
if (sandboxMountNamespace.get() == -1)
|
if (sandboxMountNamespace.get() == -1)
|
||||||
throw SysError("getting sandbox mount namespace");
|
throw SysError("getting sandbox mount namespace");
|
||||||
|
|
||||||
if (usingUserNamespace) {
|
if (usingUserNamespace) {
|
||||||
sandboxUserNamespace = AutoCloseFD{open(fmt("/proc/%d/ns/user", (pid_t) pid).c_str(), O_RDONLY)};
|
sandboxUserNamespace = AutoCloseFD{open(fmt("/proc/%d/ns/user", pid.get()).c_str(), O_RDONLY)};
|
||||||
if (sandboxUserNamespace.get() == -1)
|
if (sandboxUserNamespace.get() == -1)
|
||||||
throw SysError("getting sandbox user namespace");
|
throw SysError("getting sandbox user namespace");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Move the child into its own cgroup. */
|
/* Move the child into its own cgroup. */
|
||||||
if (cgroup)
|
if (cgroup)
|
||||||
writeFile(*cgroup + "/cgroup.procs", fmt("%d", (pid_t) pid));
|
writeFile(*cgroup + "/cgroup.procs", fmt("%d", pid.get()));
|
||||||
|
|
||||||
/* Signal the builder that we've updated its user namespace. */
|
/* Signal the builder that we've updated its user namespace. */
|
||||||
writeFull(userNamespaceSync.writeSide.get(), "1");
|
writeFull(userNamespaceSync.writeSide.get(), "1");
|
||||||
|
|
|
@ -131,7 +131,7 @@ Path SSHMaster::startMaster()
|
||||||
|
|
||||||
auto state(state_.lock());
|
auto state(state_.lock());
|
||||||
|
|
||||||
if (state->sshMaster != -1) return state->socketPath;
|
if (state->sshMaster) return state->socketPath;
|
||||||
|
|
||||||
state->socketPath = (Path) *state->tmpDir + "/ssh.sock";
|
state->socketPath = (Path) *state->tmpDir + "/ssh.sock";
|
||||||
|
|
||||||
|
|
|
@ -55,12 +55,6 @@ void Pid::operator =(pid_t pid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
Pid::operator pid_t()
|
|
||||||
{
|
|
||||||
return pid;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int Pid::kill()
|
int Pid::kill()
|
||||||
{
|
{
|
||||||
assert(pid != -1);
|
assert(pid != -1);
|
||||||
|
|
|
@ -29,13 +29,14 @@ public:
|
||||||
Pid(pid_t pid);
|
Pid(pid_t pid);
|
||||||
~Pid() noexcept(false);
|
~Pid() noexcept(false);
|
||||||
void operator =(pid_t pid);
|
void operator =(pid_t pid);
|
||||||
operator pid_t();
|
explicit operator bool() const { return pid != -1; }
|
||||||
int kill();
|
int kill();
|
||||||
int wait();
|
int wait();
|
||||||
|
|
||||||
void setSeparatePG(bool separatePG);
|
void setSeparatePG(bool separatePG);
|
||||||
void setKillSignal(int signal);
|
void setKillSignal(int signal);
|
||||||
pid_t release();
|
pid_t release();
|
||||||
|
pid_t get() const { return pid; }
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in a new issue