shim: kill shim if setup becomes impossible
test / test (push) Successful in 23s
Details
test / test (push) Successful in 23s
Details
This prevents a hang when setup faults but the shim keeps waiting on the socket. Setup is automatically aborted when the shim is killed. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
3b82cc55de
commit
31350d74e5
SSH Key Fingerprint:
SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
|
|
@ -64,7 +64,14 @@ func (a *app) Start() error {
|
|||
a.cmd.Dir = a.seal.RunDirPath
|
||||
|
||||
a.abort = make(chan error)
|
||||
if err := shim.ServeConfig(confSockPath, a.abort, a.seal.sys.UID(), &shim.Payload{
|
||||
procReady := make(chan struct{})
|
||||
if err := shim.ServeConfig(confSockPath, a.abort, func() {
|
||||
<-procReady
|
||||
if err := a.cmd.Process.Signal(os.Interrupt); err != nil {
|
||||
fmsg.Println("cannot kill shim on faulted setup:", err)
|
||||
}
|
||||
fmt.Print("\r")
|
||||
}, a.seal.sys.UID(), &shim.Payload{
|
||||
Argv: a.seal.command,
|
||||
Exec: shimExec,
|
||||
Bwrap: a.seal.sys.bwrap,
|
||||
|
|
@ -85,6 +92,7 @@ func (a *app) Start() error {
|
|||
"cannot start process:")
|
||||
}
|
||||
startTime := time.Now().UTC()
|
||||
close(procReady)
|
||||
|
||||
// create process state
|
||||
sd := state.State{
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ import (
|
|||
"encoding/gob"
|
||||
"errors"
|
||||
"net"
|
||||
"os"
|
||||
"syscall"
|
||||
|
||||
"git.ophivana.moe/security/fortify/acl"
|
||||
|
|
@ -13,7 +12,7 @@ import (
|
|||
|
||||
// called in the parent process
|
||||
|
||||
func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl *Wayland) error {
|
||||
func ServeConfig(socket string, abort chan error, killShim func(), uid int, payload *Payload, wl *Wayland) error {
|
||||
if payload.WL {
|
||||
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
|
||||
return err
|
||||
|
|
@ -58,7 +57,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
|
|||
} else {
|
||||
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
|
||||
fmsg.Println("cannot stream shim payload:", err)
|
||||
_ = os.Remove(socket)
|
||||
killShim()
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -67,6 +66,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
|
|||
var rc syscall.RawConn
|
||||
if rc, err = wl.SyscallConn(); err != nil {
|
||||
fmsg.Println("cannot obtain raw wayland connection:", err)
|
||||
killShim()
|
||||
return
|
||||
} else {
|
||||
go func() {
|
||||
|
|
@ -74,6 +74,7 @@ func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl
|
|||
if err = rc.Control(func(fd uintptr) {
|
||||
if _, _, err = conn.WriteMsgUnix(nil, syscall.UnixRights(int(fd)), nil); err != nil {
|
||||
fmsg.Println("cannot pass wayland connection to shim:", err)
|
||||
killShim()
|
||||
return
|
||||
}
|
||||
_ = conn.Close()
|
||||
|
|
|
|||
Loading…
Reference in New Issue