diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2015-12-17 17:30:30 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2015-12-17 17:31:11 +0100 |
| commit | bd7570628066df4ad86ea4efdb1abb44338c3b99 (patch) | |
| tree | 668b319a8e1f15edd0b4f8ddf250a2c90d935c4a /ipc | |
| parent | bbf4e353234e99f4a25ef85a8b02419b652e7401 (diff) | |
add a flag to disable setpgid syscall
It is broken on some of our test systems.
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/ipc.go | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ipc/ipc.go b/ipc/ipc.go index 876d75cde..7e4ba7ca1 100644 --- a/ipc/ipc.go +++ b/ipc/ipc.go @@ -41,6 +41,7 @@ const ( FlagCollide // collide syscalls to provoke data races FlagDedupCover // deduplicate coverage in executor FlagDropPrivs // impersonate nobody user + FlagNoSetpgid // don't use setpgid FlagStrace // run executor under strace ) @@ -252,6 +253,7 @@ func closeMapping(f *os.File, mem []byte) error { type command struct { timeout time.Duration cmd *exec.Cmd + flags uint64 dir string rp *os.File inrp *os.File @@ -264,7 +266,7 @@ func makeCommand(bin []string, timeout time.Duration, flags uint64, inFile *os.F return nil, fmt.Errorf("failed to create temp dir: %v", err) } - c := &command{timeout: timeout, dir: dir} + c := &command{timeout: timeout, flags: flags, dir: dir} defer func() { if c != nil { c.close() @@ -330,11 +332,10 @@ func makeCommand(bin []string, timeout time.Duration, flags uint64, inFile *os.F cmd.Stdout = os.Stdout cmd.Stderr = os.Stdout } + cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: flags&FlagNoSetpgid == 0} if syscall.Getuid() == 0 { // Running under root, more isolation is possible. - cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true, Cloneflags: syscall.CLONE_NEWNS} - } else { - cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} + cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS } if err := cmd.Start(); err != nil { return nil, fmt.Errorf("failed to start executor binary: %v", err) @@ -366,7 +367,9 @@ func (c *command) kill() { // We started the process in its own process group and now kill the whole group. // This solves a potential problem with strace: // if we kill just strace, executor still runs and ReadAll below hangs. - syscall.Kill(-c.cmd.Process.Pid, syscall.SIGKILL) + if c.flags&FlagNoSetpgid == 0 { + syscall.Kill(-c.cmd.Process.Pid, syscall.SIGKILL) + } syscall.Kill(c.cmd.Process.Pid, syscall.SIGKILL) } |