experimental functionality to impersonate nobody user in executor

author: Dmitry Vyukov <dvyukov@google.com> 2015-10-20 17:43:02 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2015-10-20 17:43:02 +0200
commit: 0750245eea6b2b4dd4bb4f4f974beeb2a900c1d6 (patch)
tree: 3532569f66b218235abbc88f479f9acc84172152 /ipc
parent: 8264f54f5ed0bb351d10091f5157b37fca27e672 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/ipc/ipc.go b/ipc/ipc.go
index 511398a7f..44a232048 100644
--- a/ipc/ipc.go
+++ b/ipc/ipc.go
@@ -34,6 +34,7 @@ const (
 	FlagCover                          // collect coverage
 	FlagThreaded                       // use multiple threads to mitigate blocked syscalls
 	FlagDedupCover                     // deduplicate coverage in executor
+	FlagDropPrivs                      // impersonate nobody user
 	FlagStrace                         // run executor under strace
 )
 
@@ -42,11 +43,20 @@ func MakeEnv(bin string, timeout time.Duration, flags uint64) (*Env, error) {
 	if err != nil {
 		return nil, err
 	}
+	defer func() {
+		if inf != nil {
+			closeMapping(inf, inmem)
+		}
+	}()
 	outf, outmem, err := createMapping(16 << 20)
 	if err != nil {
-		closeMapping(inf, inmem)
 		return nil, err
 	}
+	defer func() {
+		if outf != nil {
+			closeMapping(outf, outmem)
+		}
+	}()
 	for i := 0; i < 8; i++ {
 		inmem[i] = byte(flags >> (8 * uint(i)))
 	}
@@ -63,6 +73,8 @@ func MakeEnv(bin string, timeout time.Duration, flags uint64) (*Env, error) {
 	if len(env.bin) == 0 {
 		return nil, fmt.Errorf("binary is empty string")
 	}
+	inf = nil
+	outf = nil
 	return env, nil
 }
author	Dmitry Vyukov <dvyukov@google.com>	2015-10-20 17:43:02 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2015-10-20 17:43:02 +0200
commit	0750245eea6b2b4dd4bb4f4f974beeb2a900c1d6 (patch)
tree	3532569f66b218235abbc88f479f9acc84172152 /ipc
parent	8264f54f5ed0bb351d10091f5157b37fca27e672 (diff)