diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-05-11 15:33:49 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-05-11 15:33:49 +0200 |
commit | edcf485dde8084365bac2429aacb8859390a0c5e (patch) | |
tree | 51ce7f0bead5087884c7841358268d342f2927ac | |
parent | 7d7e5c3bf9dfcd46457668cecbf3af495ac0f47a (diff) | |
download | xdg-app-edcf485dde8084365bac2429aacb8859390a0c5e.tar.gz |
run: More background fd issues fixed
This also simplifies the child_setup func by clearing CLOEXEC
on the needed fds.
-rw-r--r-- | app/flatpak-builtins-build.c | 2 | ||||
-rw-r--r-- | common/flatpak-run.c | 37 | ||||
-rw-r--r-- | common/flatpak-run.h | 1 |
3 files changed, 17 insertions, 23 deletions
diff --git a/app/flatpak-builtins-build.c b/app/flatpak-builtins-build.c index ed3b67b..a7f8e84 100644 --- a/app/flatpak-builtins-build.c +++ b/app/flatpak-builtins-build.c @@ -169,7 +169,7 @@ flatpak_builtin_build (int argc, char **argv, GCancellable *cancellable, GError "--bind", gs_file_get_path_cached (app_files), "/app", NULL); - if (!flatpak_run_setup_base_argv (argv_array, runtime_files, NULL, runtime_ref_parts[2], FLATPAK_RUN_FLAG_DEVEL, error)) + if (!flatpak_run_setup_base_argv (argv_array, NULL, runtime_files, NULL, runtime_ref_parts[2], FLATPAK_RUN_FLAG_DEVEL, error)) return FALSE; /* After setup_base to avoid conflicts with /var symlinks */ diff --git a/common/flatpak-run.c b/common/flatpak-run.c index dbfb2a9..d8829b1 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -2217,6 +2217,7 @@ compute_permissions (GKeyFile *app_metadata, static gboolean add_app_info_args (GPtrArray *argv_array, + GArray *fd_array, FlatpakDeploy *deploy, const char *app_id, const char *runtime_ref, @@ -2260,6 +2261,8 @@ add_app_info_args (GPtrArray *argv_array, } unlink (tmp_path); fd_str = g_strdup_printf ("%d", fd); + if (fd_array) + g_array_append_val (fd_array, fd); add_args (argv_array, "--file", fd_str, dest, NULL); } @@ -2661,6 +2664,7 @@ setup_seccomp (GPtrArray *argv_array, gboolean flatpak_run_setup_base_argv (GPtrArray *argv_array, + GArray *fd_array, GFile *runtime_files, GFile *app_id_dir, const char *arch, @@ -2691,6 +2695,8 @@ flatpak_run_setup_base_argv (GPtrArray *argv_array, if ((passwd_fd = create_tmp_fd (passwd_contents, -1, error)) < 0) return FALSE; passwd_fd_str = g_strdup_printf ("%d", passwd_fd); + if (fd_array) + g_array_append_val (fd_array, passwd_fd); group_contents = g_strdup_printf ("%s:x:%d:%s\n" "nfsnobody:x:65534:\n", @@ -2699,6 +2705,8 @@ flatpak_run_setup_base_argv (GPtrArray *argv_array, if ((group_fd = create_tmp_fd (group_contents, -1, error)) < 0) return FALSE; group_fd_str = g_strdup_printf ("%d", group_fd); + if (fd_array) + g_array_append_val (fd_array, group_fd); add_args (argv_array, "--unshare-pid", @@ -2846,30 +2854,15 @@ static void child_setup (gpointer user_data) { GArray *fd_array = user_data; - int fd, i, open_max; + int i; /* If no fd_array was specified, don't care. */ if (fd_array == NULL) return; - /* Otherwise, mark close-on-exec all the fds not in the array */ - open_max = sysconf (_SC_OPEN_MAX); - for (fd = 3; fd < open_max; fd++) - { - gboolean found = FALSE; - for (i = 0; i < fd_array->len; i++) - { - if (g_array_index (fd_array, int, i) == fd) - { - found = TRUE; - break; - } - } - - if (!found) - fcntl (fd, F_SETFD, FD_CLOEXEC); - } - + /* Otherwise, mark not - close-on-exec all the fds in the array */ + for (i = 0; i < fd_array->len; i++) + fcntl (g_array_index (fd_array, int, i), F_SETFD, 0); } @@ -2998,10 +2991,10 @@ flatpak_run_app (const char *app_ref, "--lock-file", "/app/.ref", NULL); - if (!flatpak_run_setup_base_argv (argv_array, runtime_files, app_id_dir, app_ref_parts[2], flags, error)) + if (!flatpak_run_setup_base_argv (argv_array, fd_array, runtime_files, app_id_dir, app_ref_parts[2], flags, error)) return FALSE; - if (!add_app_info_args (argv_array, app_deploy, app_ref_parts[1], runtime_ref, app_context, error)) + if (!add_app_info_args (argv_array, fd_array, app_deploy, app_ref_parts[1], runtime_ref, app_context, error)) return FALSE; if (!flatpak_run_add_extension_args (argv_array, metakey, app_ref, cancellable, error)) @@ -3098,7 +3091,7 @@ flatpak_run_app (const char *app_ref, if (!g_spawn_async (NULL, (char **) real_argv_array->pdata, envp, - G_SPAWN_LEAVE_DESCRIPTORS_OPEN, + G_SPAWN_DEFAULT, child_setup, fd_array, NULL, error)) diff --git a/common/flatpak-run.h b/common/flatpak-run.h index d782bbf..3484604 100644 --- a/common/flatpak-run.h +++ b/common/flatpak-run.h @@ -91,6 +91,7 @@ typedef enum { } FlatpakRunFlags; gboolean flatpak_run_setup_base_argv (GPtrArray *argv_array, + GArray *fd_array, GFile *runtime_files, GFile *app_id_dir, const char *arch, |