Commit 7eda943

committed

Auto merge of #89924 - cuviper:beta-clone3, r=Mark-Simulacrum

Only use `clone3` when needed for pidfd In #89522 we learned that `clone3` is interacting poorly with Gentoo's `sandbox` tool. We only need that for the unstable pidfd extensions, so otherwise avoid that and use a normal `fork`. r? `@Mark-Simulacrum`

2 parents 58268ff + 74ef530 commit 7eda943Copy full SHA for 7eda943

File tree

1 file changed

-3

lines changed

library/std/src/sys/unix/process
- process_unix.rs

1 file changed

-3

lines changed

`‎library/std/src/sys/unix/process/process_unix.rs`

Lines changed: 9 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -166,14 +166,20 @@ impl Command {`
`166`	`166`	`fn clone3(cl_args: *mut clone_args, len: libc::size_t) -> libc::c_long`
`167`	`167`	`}`
`168`	`168`
	`169`	+ // Bypassing libc for `clone3` can make further libc calls unsafe,
	`170`	`+ // so we use it sparingly for now. See #89522 for details.`
	`171`	+ // Some tools (e.g. sandboxing tools) may also expect `fork`
	`172`	+ // rather than `clone3`.
	`173`	`+ let want_clone3 = self.get_create_pidfd();`
	`174`	`+`
`169`	`175`	`// If we fail to create a pidfd for any reason, this will`
`170`	`176`	`// stay as -1, which indicates an error.`
`171`	`177`	`let mut pidfd: pid_t = -1;`
`172`	`178`
`173`	`179`	// Attempt to use the `clone3` syscall, which supports more arguments
`174`	`180`	`// (in particular, the ability to create a pidfd). If this fails,`
`175`	`181`	// we will fall through this block to a call to `fork()`
`176`		`- if HAS_CLONE3.load(Ordering::Relaxed) {`
	`182`	`+ if want_clone3 && HAS_CLONE3.load(Ordering::Relaxed) {`
`177`	`183`	`let mut flags = 0;`
`178`	`184`	`if self.get_create_pidfd() {`
`179`	`185`	`flags \|= CLONE_PIDFD;`
`@@ -212,8 +218,8 @@ impl Command {`
`212`	`218`	`}`
`213`	`219`	`}`
`214`	`220`
`215`		`- // If we get here, the 'clone3' syscall does not exist`
`216`		`- // or we do not have permission to call it`
	`221`	+ // Generally, we just call `fork`. If we get here after wanting `clone3`,
	`222`	`+ // then the syscall does not exist or we do not have permission to call it.`
`217`	`223`	`cvt(libc::fork()).map(\|res\| (res, pidfd))`
`218`	`224`	`}`
`219`	`225`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 7eda943

File tree

1 file changed

1 file changed

`‎library/std/src/sys/unix/process/process_unix.rs`

0 commit comments