From 0750245eea6b2b4dd4bb4f4f974beeb2a900c1d6 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Tue, 20 Oct 2015 17:43:02 +0200
Subject: experimental functionality to impersonate nobody user in executor
---
 ipc/ipc.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'ipc')
diff --git a/ipc/ipc.go b/ipc/ipc.go
index 511398a7f..44a232048 100644
--- a/ipc/ipc.go
+++ b/ipc/ipc.go
@@ -34,6 +34,7 @@ const (
 FlagCover // collect coverage
 FlagThreaded // use multiple threads to mitigate blocked syscalls
 FlagDedupCover // deduplicate coverage in executor
+ FlagDropPrivs // impersonate nobody user
 FlagStrace // run executor under strace
 )

@@ -42,11 +43,20 @@ func MakeEnv(bin string, timeout time.Duration, flags uint64) (*Env, error) {
 if err != nil {
 return nil, err
 }
+ defer func() {
+ if inf != nil {
+ closeMapping(inf, inmem)
+ }
+ }()
 outf, outmem, err := createMapping(16 << 20)
 if err != nil {
- closeMapping(inf, inmem)
 return nil, err
 }
+ defer func() {
+ if outf != nil {
+ closeMapping(outf, outmem)
+ }
+ }()
 for i := 0; i < 8; i++ {
 inmem[i] = byte(flags >> (8 * uint(i)))
 }
@@ -63,6 +73,8 @@ func MakeEnv(bin string, timeout time.Duration, flags uint64) (*Env, error) {
 if len(env.bin) == 0 {
 return nil, fmt.Errorf("binary is empty string")
 }
+ inf = nil
+ outf = nil
 return env, nil
 }

--
cgit mrf-deployment
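Review bot: `FlagDropPrivs` is inserted ahead of `FlagStrace`, so if this const block is iota-based (its opening lines are outside the hunk) the numeric value of `FlagStrace` shifts by one bit. MakeEnv copies the flags word byte-for-byte into the first eight bytes of the input mapping, so an executor built against the old layout would presumably ignore or misread the new bit, and the fuzzed process would keep its original privileges with no error reported on this side. Appending the flag after `FlagStrace` would avoid the renumbering. Failing that, a comment such as `FlagDropPrivs // experimental: executor switches to the nobody user; bit position must match the executor build` would document the coupling.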
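Review bot: The two deferred cleanups in MakeEnv are disarmed only by the `inf = nil` / `outf = nil` assignments in the last hunk, so a success return added later without them would unmap the shared memory that the returned Env still references. A single guard is harder to get wrong: `ok := false` before the first defer, `if !ok { closeMapping(inf, inmem) }` inside it (likewise for `outf`), and `ok = true` right before `return env, nil`. If the nil-ing form stays, a comment above the first defer such as `// mappings are closed on every error return; disarmed by niling inf/outf before the successful return` would record the contract. MakeEnv starts before this hunk and the lines between it and the last hunk are not shown, so it is worth confirming that no error path there already calls closeMapping, which would now close the mappings twice.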