diff --git a/lib/libcasper/libcasper/libcasper_impl.c b/lib/libcasper/libcasper/libcasper_impl.c index e4411630c8a1..ae28c8769a07 100644 --- a/lib/libcasper/libcasper/libcasper_impl.c +++ b/lib/libcasper/libcasper/libcasper_impl.c @@ -1,46 +1,73 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2013 The FreeBSD Foundation * Copyright (c) 2015 Mariusz Zaborski * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ +#include #include #include +#include #include #include "libcasper_impl.h" bool fd_is_valid(int fd) { return (fcntl(fd, F_GETFL) != -1 || errno != EBADF); } + +void +fd_fix_environment(int *fdp) +{ + int nullfd, nfd; + + if (*fdp > STDERR_FILENO) + return; + + nullfd = open(_PATH_DEVNULL, O_RDWR); + if (nullfd == -1) + errx(1, "Unable to open %s", _PATH_DEVNULL); + + while (*fdp <= STDERR_FILENO) { + nfd = dup(*fdp); + if (nfd == -1) + errx(1, "Unable to secure fd"); + if (dup2(nullfd, *fdp) == -1) + errx(1, "Unable to secure fd"); + *fdp = nfd; + } + + close(nullfd); +} + diff --git a/lib/libcasper/libcasper/libcasper_impl.h b/lib/libcasper/libcasper/libcasper_impl.h index 11e43f083977..24049a0c07c8 100644 --- a/lib/libcasper/libcasper/libcasper_impl.h +++ b/lib/libcasper/libcasper/libcasper_impl.h @@ -1,85 +1,86 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2013 The FreeBSD Foundation * Copyright (c) 2015 Mariusz Zaborski * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _LIBCASPER_IMPL_H_ #define _LIBCASPER_IMPL_H_ #include #include "libcasper.h" #include "libcasper_service.h" struct service; struct service_connection; bool fd_is_valid(int fd); +void fd_fix_environment(int *fdp); /* Private service functions. */ struct service *service_alloc(const char *name, service_limit_func_t *limitfunc, service_command_func_t *commandfunc, uint64_t flags); void service_free(struct service *service); void service_message(struct service *service, struct service_connection *sconn); void service_start(struct service *service, int sock, int procfd); const char *service_name(struct service *service); int service_get_channel_flags(struct service *service); /* Private service connection functions. */ struct service_connection *service_connection_add(struct service *service, int sock, const nvlist_t *limits); void service_connection_remove( struct service *service, struct service_connection *sconn); int service_connection_clone( struct service *service, struct service_connection *sconn); struct service_connection *service_connection_first( struct service *service); struct service_connection *service_connection_next( struct service_connection *sconn); cap_channel_t *service_connection_get_chan( const struct service_connection *sconn); int service_connection_get_sock( const struct service_connection *sconn); const nvlist_t *service_connection_get_limits( const struct service_connection *sconn); void service_connection_set_limits( struct service_connection *sconn, nvlist_t *limits); /* Private libcasper functions. */ void casper_main_loop(int fd); #endif /* !_LIBCASPER_IMPL_H_ */ diff --git a/lib/libcasper/libcasper/service.c b/lib/libcasper/libcasper/service.c index 5c1c64d9a9d7..e87d0640347c 100644 --- a/lib/libcasper/libcasper/service.c +++ b/lib/libcasper/libcasper/service.c @@ -1,472 +1,475 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2013 The FreeBSD Foundation * Copyright (c) 2015 Mariusz Zaborski * All rights reserved. * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "libcasper.h" #include "libcasper_impl.h" /* * Currently there is only one service_connection per service. * In the future we may want multiple connections from multiple clients * per one service instance, but it has to be carefully designed. * The problem is that we may restrict/sandbox service instance according * to the limits provided. When new connection comes in with different * limits we won't be able to access requested resources. * Not to mention one process will serve to mutiple mutually untrusted * clients and compromise of this service instance by one of its clients * can lead to compromise of the other clients. */ /* * Client connections to the given service. */ #define SERVICE_CONNECTION_MAGIC 0x5e91c0ec struct service_connection { int sc_magic; cap_channel_t *sc_chan; nvlist_t *sc_limits; TAILQ_ENTRY(service_connection) sc_next; }; #define SERVICE_MAGIC 0x5e91ce struct service { int s_magic; char *s_name; uint64_t s_flags; service_limit_func_t *s_limit; service_command_func_t *s_command; TAILQ_HEAD(, service_connection) s_connections; }; struct service * service_alloc(const char *name, service_limit_func_t *limitfunc, service_command_func_t *commandfunc, uint64_t flags) { struct service *service; service = malloc(sizeof(*service)); if (service == NULL) return (NULL); service->s_name = strdup(name); if (service->s_name == NULL) { free(service); return (NULL); } service->s_limit = limitfunc; service->s_command = commandfunc; service->s_flags = flags; TAILQ_INIT(&service->s_connections); service->s_magic = SERVICE_MAGIC; return (service); } void service_free(struct service *service) { struct service_connection *sconn; assert(service->s_magic == SERVICE_MAGIC); service->s_magic = 0; while ((sconn = service_connection_first(service)) != NULL) service_connection_remove(service, sconn); free(service->s_name); free(service); } struct service_connection * service_connection_add(struct service *service, int sock, const nvlist_t *limits) { struct service_connection *sconn; int serrno; assert(service->s_magic == SERVICE_MAGIC); sconn = malloc(sizeof(*sconn)); if (sconn == NULL) return (NULL); sconn->sc_chan = cap_wrap(sock, service_get_channel_flags(service)); if (sconn->sc_chan == NULL) { serrno = errno; free(sconn); errno = serrno; return (NULL); } if (limits == NULL) { sconn->sc_limits = NULL; } else { sconn->sc_limits = nvlist_clone(limits); if (sconn->sc_limits == NULL) { serrno = errno; (void)cap_unwrap(sconn->sc_chan, NULL); free(sconn); errno = serrno; return (NULL); } } sconn->sc_magic = SERVICE_CONNECTION_MAGIC; TAILQ_INSERT_TAIL(&service->s_connections, sconn, sc_next); return (sconn); } void service_connection_remove(struct service *service, struct service_connection *sconn) { assert(service->s_magic == SERVICE_MAGIC); assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); TAILQ_REMOVE(&service->s_connections, sconn, sc_next); sconn->sc_magic = 0; nvlist_destroy(sconn->sc_limits); cap_close(sconn->sc_chan); free(sconn); } int service_connection_clone(struct service *service, struct service_connection *sconn) { struct service_connection *newsconn; int serrno, sock[2]; if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sock) < 0) return (-1); newsconn = service_connection_add(service, sock[0], service_connection_get_limits(sconn)); if (newsconn == NULL) { serrno = errno; close(sock[0]); close(sock[1]); errno = serrno; return (-1); } return (sock[1]); } struct service_connection * service_connection_first(struct service *service) { struct service_connection *sconn; assert(service->s_magic == SERVICE_MAGIC); sconn = TAILQ_FIRST(&service->s_connections); assert(sconn == NULL || sconn->sc_magic == SERVICE_CONNECTION_MAGIC); return (sconn); } struct service_connection * service_connection_next(struct service_connection *sconn) { assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); sconn = TAILQ_NEXT(sconn, sc_next); assert(sconn == NULL || sconn->sc_magic == SERVICE_CONNECTION_MAGIC); return (sconn); } cap_channel_t * service_connection_get_chan(const struct service_connection *sconn) { assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); return (sconn->sc_chan); } int service_connection_get_sock(const struct service_connection *sconn) { assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); return (cap_sock(sconn->sc_chan)); } const nvlist_t * service_connection_get_limits(const struct service_connection *sconn) { assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); return (sconn->sc_limits); } void service_connection_set_limits(struct service_connection *sconn, nvlist_t *limits) { assert(sconn->sc_magic == SERVICE_CONNECTION_MAGIC); nvlist_destroy(sconn->sc_limits); sconn->sc_limits = limits; } void service_message(struct service *service, struct service_connection *sconn) { nvlist_t *nvlin, *nvlout; const char *cmd; int error, flags; flags = 0; if ((service->s_flags & CASPER_SERVICE_NO_UNIQ_LIMITS) != 0) flags = NV_FLAG_NO_UNIQUE; nvlin = cap_recv_nvlist(service_connection_get_chan(sconn)); if (nvlin == NULL) { service_connection_remove(service, sconn); return; } error = EDOOFUS; nvlout = nvlist_create(flags); cmd = nvlist_get_string(nvlin, "cmd"); if (strcmp(cmd, "limit_set") == 0) { nvlist_t *nvllim; nvllim = nvlist_take_nvlist(nvlin, "limits"); if (service->s_limit == NULL) { error = EOPNOTSUPP; } else { error = service->s_limit( service_connection_get_limits(sconn), nvllim); } if (error == 0) { service_connection_set_limits(sconn, nvllim); /* Function consumes nvllim. */ } else { nvlist_destroy(nvllim); } } else if (strcmp(cmd, "limit_get") == 0) { const nvlist_t *nvllim; nvllim = service_connection_get_limits(sconn); if (nvllim != NULL) nvlist_add_nvlist(nvlout, "limits", nvllim); else nvlist_add_null(nvlout, "limits"); error = 0; } else if (strcmp(cmd, "clone") == 0) { int sock; sock = service_connection_clone(service, sconn); if (sock == -1) { error = errno; } else { nvlist_move_descriptor(nvlout, "sock", sock); error = 0; } } else { error = service->s_command(cmd, service_connection_get_limits(sconn), nvlin, nvlout); } nvlist_destroy(nvlin); nvlist_add_number(nvlout, "error", (uint64_t)error); if (cap_send_nvlist(service_connection_get_chan(sconn), nvlout) == -1) service_connection_remove(service, sconn); nvlist_destroy(nvlout); } static int fd_add(fd_set *fdsp, int maxfd, int fd) { FD_SET(fd, fdsp); return (fd > maxfd ? fd : maxfd); } const char * service_name(struct service *service) { assert(service->s_magic == SERVICE_MAGIC); return (service->s_name); } int service_get_channel_flags(struct service *service) { int flags; assert(service->s_magic == SERVICE_MAGIC); flags = 0; if ((service->s_flags & CASPER_SERVICE_NO_UNIQ_LIMITS) != 0) flags |= CASPER_NO_UNIQ; return (flags); } static void stdnull(void) { int fd; fd = open(_PATH_DEVNULL, O_RDWR); if (fd == -1) errx(1, "Unable to open %s", _PATH_DEVNULL); if (setsid() == -1) errx(1, "Unable to detach from session"); if (dup2(fd, STDIN_FILENO) == -1) errx(1, "Unable to cover stdin"); if (dup2(fd, STDOUT_FILENO) == -1) errx(1, "Unable to cover stdout"); if (dup2(fd, STDERR_FILENO) == -1) errx(1, "Unable to cover stderr"); if (fd > STDERR_FILENO) close(fd); } static void -service_clean(int sock, int procfd, uint64_t flags) +service_clean(int *sockp, int *procfdp, uint64_t flags) { int fd, maxfd, minfd; - assert(sock > STDERR_FILENO); - assert(procfd > STDERR_FILENO); - assert(sock != procfd); + fd_fix_environment(sockp); + fd_fix_environment(procfdp); + + assert(*sockp > STDERR_FILENO); + assert(*procfdp > STDERR_FILENO); + assert(*sockp != *procfdp); if ((flags & CASPER_SERVICE_STDIO) == 0) stdnull(); if ((flags & CASPER_SERVICE_FD) == 0) { - if (procfd > sock) { - maxfd = procfd; - minfd = sock; + if (*procfdp > *sockp) { + maxfd = *procfdp; + minfd = *sockp; } else { - maxfd = sock; - minfd = procfd; + maxfd = *sockp; + minfd = *procfdp; } for (fd = STDERR_FILENO + 1; fd < maxfd; fd++) { if (fd != minfd) close(fd); } closefrom(maxfd + 1); } } void service_start(struct service *service, int sock, int procfd) { struct service_connection *sconn, *sconntmp; fd_set fds; int maxfd, nfds; assert(service != NULL); assert(service->s_magic == SERVICE_MAGIC); setproctitle("%s", service->s_name); - service_clean(sock, procfd, service->s_flags); + service_clean(&sock, &procfd, service->s_flags); if (service_connection_add(service, sock, NULL) == NULL) _exit(1); for (;;) { FD_ZERO(&fds); maxfd = -1; for (sconn = service_connection_first(service); sconn != NULL; sconn = service_connection_next(sconn)) { maxfd = fd_add(&fds, maxfd, service_connection_get_sock(sconn)); } assert(maxfd >= 0); assert(maxfd + 1 <= (int)FD_SETSIZE); nfds = select(maxfd + 1, &fds, NULL, NULL, NULL); if (nfds < 0) { if (errno != EINTR) _exit(1); continue; } else if (nfds == 0) { /* Timeout. */ abort(); } for (sconn = service_connection_first(service); sconn != NULL; sconn = sconntmp) { /* * Prepare for connection to be removed from the list * on failure. */ sconntmp = service_connection_next(sconn); if (FD_ISSET(service_connection_get_sock(sconn), &fds)) service_message(service, sconn); } if (service_connection_first(service) == NULL) { /* * No connections left, exiting. */ break; } } _exit(0); } diff --git a/lib/libcasper/libcasper/zygote.c b/lib/libcasper/libcasper/zygote.c index 2b84bb49a695..5cdd139cc134 100644 --- a/lib/libcasper/libcasper/zygote.c +++ b/lib/libcasper/libcasper/zygote.c @@ -1,219 +1,222 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2012 The FreeBSD Foundation * Copyright (c) 2015 Mariusz Zaborski * Copyright (c) 2017 Robert N. M. Watson * * This software was developed by Pawel Jakub Dawidek under sponsorship from * the FreeBSD Foundation. * * All rights reserved. * This software was developed by SRI International and the University of * Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237) * ("CTSRD"), as part of the DARPA CRASH research programme. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include +#include "libcasper_impl.h" #include "zygote.h" /* Zygote info. */ static int zygote_sock = -1; #define ZYGOTE_SERVICE_EXECUTE 1 int zygote_clone(uint64_t funcidx, int *chanfdp, int *procfdp) { nvlist_t *nvl; int error; if (zygote_sock == -1) { /* Zygote didn't start. */ errno = ENXIO; return (-1); } nvl = nvlist_create(0); nvlist_add_number(nvl, "funcidx", funcidx); nvl = nvlist_xfer(zygote_sock, nvl, 0); if (nvl == NULL) return (-1); if (nvlist_exists_number(nvl, "error")) { error = (int)nvlist_get_number(nvl, "error"); nvlist_destroy(nvl); errno = error; return (-1); } *chanfdp = nvlist_take_descriptor(nvl, "chanfd"); *procfdp = nvlist_take_descriptor(nvl, "procfd"); nvlist_destroy(nvl); return (0); } int zygote_clone_service_execute(int *chanfdp, int *procfdp) { return (zygote_clone(ZYGOTE_SERVICE_EXECUTE, chanfdp, procfdp)); } /* * This function creates sandboxes on-demand whoever has access to it via * 'sock' socket. Function sends two descriptors to the caller: process * descriptor of the sandbox and socket pair descriptor for communication * between sandbox and its owner. */ static void -zygote_main(int sock) +zygote_main(int *sockp) { int error, procfd; int chanfd[2]; nvlist_t *nvlin, *nvlout; uint64_t funcidx; zygote_func_t *func; pid_t pid; - assert(sock > STDERR_FILENO); + fd_fix_environment(sockp); + + assert(*sockp > STDERR_FILENO); setproctitle("zygote"); for (;;) { - nvlin = nvlist_recv(sock, 0); + nvlin = nvlist_recv(*sockp, 0); if (nvlin == NULL) { if (errno == ENOTCONN) { /* Casper exited. */ _exit(0); } continue; } funcidx = nvlist_get_number(nvlin, "funcidx"); nvlist_destroy(nvlin); switch (funcidx) { case ZYGOTE_SERVICE_EXECUTE: func = service_execute; break; default: _exit(0); } /* * Someone is requesting a new process, create one. */ procfd = -1; chanfd[0] = -1; chanfd[1] = -1; error = 0; if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, chanfd) == -1) { error = errno; goto send; } pid = pdfork(&procfd, 0); switch (pid) { case -1: /* Failure. */ error = errno; break; case 0: /* Child. */ - close(sock); + close(*sockp); close(chanfd[0]); func(chanfd[1]); /* NOTREACHED */ _exit(1); default: /* Parent. */ close(chanfd[1]); break; } send: nvlout = nvlist_create(0); if (error != 0) { nvlist_add_number(nvlout, "error", (uint64_t)error); if (chanfd[0] >= 0) close(chanfd[0]); if (procfd >= 0) close(procfd); } else { nvlist_move_descriptor(nvlout, "chanfd", chanfd[0]); nvlist_move_descriptor(nvlout, "procfd", procfd); } - (void)nvlist_send(sock, nvlout); + (void)nvlist_send(*sockp, nvlout); nvlist_destroy(nvlout); } /* NOTREACHED */ } int zygote_init(void) { int serrno, sp[2]; pid_t pid; if (socketpair(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sp) == -1) return (-1); pid = fork(); switch (pid) { case -1: /* Failure. */ serrno = errno; close(sp[0]); close(sp[1]); errno = serrno; return (-1); case 0: /* Child. */ close(sp[0]); - zygote_main(sp[1]); + zygote_main(&sp[1]); /* NOTREACHED */ abort(); default: /* Parent. */ zygote_sock = sp[0]; close(sp[1]); return (0); } /* NOTREACHED */ }