1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // +build darwin freebsd netbsd openbsd
// SysProcAttr holds optional, OS-specific attributes for a child process.
// forkAndExecInChild receives one as its sys argument.
13 type SysProcAttr struct {
14 Chroot string // Chroot directory for the child; presumably the source of forkAndExecInChild's chroot argument (confirm in the caller).
15 Credential *Credential // Identity to assume in the child (Groups, Gid and Uid are read from it); nil skips the credential block.
16 Ptrace bool // Enable tracing (the child issues _PTRACE_TRACEME).
17 Setsid bool // Create session.
18 Setpgid bool // Set process group ID to new pid (SYSV setpgrp)
19 Setctty bool // Set controlling terminal to fd 0 (TIOCSCTTY ioctl)
20 Noctty bool // Detach fd 0 from controlling terminal (TIOCNOTTY ioctl)
23 // Fork, dup fd onto 0..len(fd), and exec(argv0, argv, envv) in child.
24 // If a dup or exec fails, write the errno error to pipe.
25 // (Pipe is close-on-exec so if exec succeeds, it will be closed.)
26 // In the child, this function must not acquire any locks, because
27 // they might have been locked at the time of the fork. This means
28 // no rescheduling, no malloc calls, and no new stack segments.
29 // The calls to RawSyscall are okay because they are assembly
30 // functions that do not grow the stack.
//
// Child-side order visible below: ptrace, setpgid, chroot, credentials
// (supplementary groups, then gid, then uid), chdir, fd shuffling,
// controlling-terminal ioctls, execve.
// NOTE(review): the syscalls in this body go through raw_* helpers rather
// than RawSyscall; presumably they give the same no-stack-growth guarantee.
// Confirm against their definitions.
31 func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, sys *SysProcAttr, pipe int) (pid int, err Errno) {
32 // Declare all variables at top in case any
33 // declarations require heap allocation (e.g., err1).
41 // guard against side effects of shuffling fds below.
42 // Make sure that nextfd is beyond any currently open files so
43 // that we can't run the risk of overwriting any of them.
44 fd := make([]int, len(attr.Files)) // allocated before the fork, while allocation is still permitted
45 nextfd = len(attr.Files)
46 for i, ufd := range attr.Files {
47 if nextfd < int(ufd) {
54 // About to call fork.
55 // No more allocation or calls of non-assembly functions.
66 // Fork succeeded, now in child.
68 // Enable tracing if requested.
70 err1 = raw_ptrace(_PTRACE_TRACEME, 0, nil, nil)
86 err1 = raw_setpgid(0, 0)
// chroot comes before the credential change below (chroot normally needs
// the privileges the child is about to give up) and before chdir, so dir
// is resolved inside the new root.
94 err1 = raw_chroot(chroot)
// Credential drop. The visible order is supplementary groups, then gid,
// then uid; uid goes last because a process that has already given up its
// uid would normally no longer be allowed to change its groups or gid.
// NOTE(review): the checks on err2 are not visible here; confirm every
// failure aborts before execve so the new program never runs with the
// parent's identity.
101 if cred := sys.Credential; cred != nil {
102 ngroups := len(cred.Groups)
104 err2 := setgroups(0, nil) // presumably the ngroups == 0 branch: clears the supplementary group list
// NOTE(review): make allocates, and this line sits after the "Fork
// succeeded, now in child" comment, which contradicts the "no malloc
// calls" rule in the function comment. Building the Gid_t slice before
// the fork would avoid allocating in the child.
111 groups := make([]Gid_t, ngroups)
112 for i, v := range cred.Groups {
// NOTE(review): setgroups, Setgid and Setuid are not raw_* helpers; confirm
// they take no locks and do not grow the stack, as the child requires.
115 err2 := setgroups(ngroups, &groups[0])
125 err2 := Setgid(int(cred.Gid))
130 err2 = Setuid(int(cred.Uid))
139 err1 = raw_chdir(dir)
145 // Pass 1: look for fd[i] < i and move those up above len(fd)
146 // so that pass 2 won't stomp on an fd it needs later.
148 err1 = raw_dup2(pipe, nextfd) // moves the error pipe out of the range the shuffle writes to
// NOTE(review): the result of raw_fcntl is discarded here and at the second
// F_SETFD/FD_CLOEXEC call in the loop below. If setting FD_CLOEXEC fails,
// the duplicated descriptor stays open across execve and leaks into the
// new program.
152 raw_fcntl(nextfd, F_SETFD, FD_CLOEXEC)
156 for i = 0; i < len(fd); i++ {
157 if fd[i] >= 0 && fd[i] < int(i) {
158 err1 = raw_dup2(fd[i], nextfd)
162 raw_fcntl(nextfd, F_SETFD, FD_CLOEXEC) // temporary copy: must not survive exec (result unchecked, see note above)
165 if nextfd == pipe { // don't stomp on pipe
171 // Pass 2: dup fd[i] down onto i.
172 for i = 0; i < len(fd); i++ {
178 // dup2(i, i) won't clear close-on-exec flag on Linux,
179 // probably not elsewhere either.
180 _, err1 = raw_fcntl(fd[i], F_SETFD, 0) // clear close-on-exec explicitly so this fd is inherited
186 // The new fd is created NOT close-on-exec,
187 // which is exactly what we want.
188 err1 = raw_dup2(fd[i], i)
194 // By convention, we don't close-on-exec the fds we are
195 // started with, so if len(fd) < 3, close 0, 1, 2 as needed.
196 // Programs that know they inherit fds >= 3 will need
197 // to set them close-on-exec.
// NOTE(review): nothing visible here closes descriptors at or above
// len(fd), so any parent descriptor not already marked close-on-exec is
// inherited by the new program; callers holding sensitive fds must mark
// them themselves.
198 for i = len(fd); i < 3; i++ {
202 // Detach fd 0 from tty
204 _, err1 = raw_ioctl(0, TIOCNOTTY, 0)
212 _, err1 = raw_ioctl(0, TIOCSCTTY, 0)
219 err1 = raw_execve(argv0, &argv[0], &envv[0])
222 // send error code on pipe
// The raw bytes of err1 (unsafe.Sizeof(err1) of them) are written; the
// write result is ignored because the child has no other way to report
// a failure.
223 raw_write(pipe, (*byte)(unsafe.Pointer(&err1)), int(unsafe.Sizeof(err1)))
229 // Try to open a pipe with close-on-exec set on both file descriptors (FD_CLOEXEC is applied to each end with fcntl).
230 func forkExecPipe(p []int) error {
235 _, err = fcntl(p[0], F_SETFD, FD_CLOEXEC)
239 _, err = fcntl(p[1], F_SETFD, FD_CLOEXEC)