diff options
| author | Lennart Poettering <lennart@poettering.net> | 2017-12-22 13:08:14 +0100 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2018-05-30 07:49:44 +0200 |
| commit | 45aef547896d1e91b2b2a121566320b5c3a17948 (patch) | |
| tree | 4e4684c715e966e9fc6edfdc89def6c31124663d /src/libelogind/sd-bus/bus-container.c | |
| parent | 7cfc65cbfb5fb2e06710cab0d5008a0643735d49 (diff) | |
tree-wide: introduce new safe_fork() helper and port everything over
This adds a new safe_fork() wrapper around fork() and makes use of it
everywhere. The new wrapper does a couple of things we previously did
manually and separately in a safer, more correct and automatic way:
1. Optionally resets signal handlers/mask in the child
2. Sets a name on all processes we fork off right after forking off (and
the patch assigns useful names for all processes we fork off now,
following a systematic naming scheme: always enclosed in () – in order
to indicate that these are not proper, exec()ed processes, but only
forked off children, and if the process is long-running with only our
own code, without execve()'ing something else, it gets am "sd-" prefix.)
3. Optionally closes all file descriptors in the child
4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe
way so that the parent dying before this happens being handled
safely.
5. Optionally reopens the logs
6. Optionally connects stdin/stdout/stderr to /dev/null
7. Debug logs about the forked off processes.
Diffstat (limited to 'src/libelogind/sd-bus/bus-container.c')
| -rw-r--r-- | src/libelogind/sd-bus/bus-container.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/libelogind/sd-bus/bus-container.c b/src/libelogind/sd-bus/bus-container.c index 8f6d34838..a1242c567 100644 --- a/src/libelogind/sd-bus/bus-container.c +++ b/src/libelogind/sd-bus/bus-container.c @@ -62,11 +62,10 @@ int bus_container_connect_socket(sd_bus *b) { if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, pair) < 0) return -errno; - child = fork(); - if (child < 0) - return -errno; - - if (child == 0) { + r = safe_fork("(sd-buscntr)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &child); + if (r < 0) + return r; + if (r == 0) { pid_t grandchild; pair[0] = safe_close(pair[0]); @@ -82,11 +81,10 @@ int bus_container_connect_socket(sd_bus *b) { * comes from a process from within the container, and * not outside of it */ - grandchild = fork(); - if (grandchild < 0) + r = safe_fork("(sd-buscntr2)", FORK_RESET_SIGNALS|FORK_DEATHSIG, &grandchild); + if (r < 0) _exit(EXIT_FAILURE); - - if (grandchild == 0) { + if (r == 0) { r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size); if (r < 0) { |