Page MenuHomeFreeBSD
Differential D44372

Allow subset of wait4(2) functionality in Capsicum mode
Needs ReviewPublic
Actions

Authored by trasz on Mar 15 2024, 12:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Apr 26, 4:13 AM
Unknown Object (File)
Sat, Apr 20, 10:56 PM
Unknown Object (File)
Sat, Apr 20, 6:31 AM
Unknown Object (File)
Fri, Apr 19, 7:13 PM
Unknown Object (File)
Fri, Apr 19, 7:45 AM
Unknown Object (File)
Mon, Apr 8, 7:37 AM
Unknown Object (File)
Thu, Apr 4, 4:23 PM
Unknown Object (File)
Mar 25 2024, 1:40 PM
View All 9 Files
Subscribers
imp
jonathan
olce
oshogbo

Details

Reviewers
brooks
Group Reviewers
capsicum
Summary

The usual way of handling process exit exit in capsicum(4) mode is by using process
descriptors (pdfork(2)) instead of the traditional fork(2)/wait4(2) API. But most apps
hadn't been converted this way, and many cannot because the wait is hidden behind
a library APIs that revolve around PID numbers and not descriptors; GLib's
g_spawn_check_wait_status(3) is one example.

Thus, provide backwards compatibility by allowing the wait(2) family of functions
in Capsicum mode, except for child processes created by pdfork(2).

One practical result is that with this patch, a capsicated irssi(1) is no longer
leaving zombies around.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 56722
Build 53610: arc lint + arc unit

Event Timeline

trasz created this revision.Mar 15 2024, 12:22 PM
Herald added a reviewer: brooks. · View Herald TranscriptMar 15 2024, 12:22 PM
Herald added subscribers: olce, jonathan, imp. · View Herald Transcript
trasz requested review of this revision.Mar 15 2024, 12:22 PM
Harbormaster completed remote builds in B56624: Diff 135782.Mar 15 2024, 12:22 PM
trasz added a reviewer: capsicum.Mar 15 2024, 12:24 PM
oshogbo added a subscriber: oshogbo.Mar 15 2024, 12:33 PM

I think this behavior should be documented in the man pages (capsicum/wait), as it isn't obvious.

oshogbo added a comment.Mar 15 2024, 12:35 PM

Also, do you have any particular cases or example of application where you want to use it?

trasz mentioned this in D44373: Capsicum vs the Pathnames, a PoC.Mar 15 2024, 12:48 PM
brooks added a comment.Mar 15 2024, 6:46 PM

What about wait6?

Should there be a way for a program to disable this?

trasz added a comment.EditedMar 21 2024, 12:44 PM

I agree this should be documented somewhere, but at the moment wait(2) doesn't mention Capsicum at all, and capsicum(4) doesn't mention wait(2). Perhaps a paragraph in pdfork(2), something along the lines of "processes created with pdfork cannot be waited for by a parent running in capsicum(4) mode"?

Regarding use case - sh(1) when running with D44373 in place. Also either bmake(1) or clang(1) in a similar circumstances.

As for wait6(2) - definitely; I'll update the patch. Should I also handle wait(2) similarly, or is that just for backward compatibility?

As for disabling - I'm not sure. Are there cases where we'd need to?

trasz updated this revision to Diff 136036.Mar 21 2024, 1:33 PM

Fix panic which occured when the PID is specified explictly.
Also handle wait6(2). Add some documentation. Pacify a test.

Harbormaster completed remote builds in B56722: Diff 136036.Mar 21 2024, 1:33 PM
trasz edited the summary of this revision. (Show Details)Mon, Apr 22, 1:37 PM

Revision Contents
Changeset List

PathSize
contrib/
capsicum-test/
1 line
lib/
libsys/
13 lines
sys/
kern/
12 lines
4 lines

Diff 136036

View Options

contrib/capsicum-test/capmode.cc

Loading...
View Options

lib/libsys/wait.2

Loading...
View Options

sys/kern/kern_exit.c

Loading...
View Options

sys/kern/syscalls.master

Loading...