1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
13 //sysnb raw_prctl(option int, arg2 int, arg3 int, arg4 int, arg5 int) (ret int, err Errno)
14 //prctl(option _C_int, arg2 _C_long, arg3 _C_long, arg4 _C_long, arg5 _C_long) _C_int
16 type SysProcAttr struct {
17 Chroot string // Chroot.
18 Credential *Credential // Credential.
19 Ptrace bool // Enable tracing.
20 Setsid bool // Create session.
21 Setpgid bool // Set process group ID to new pid (SYSV setpgrp)
22 Setctty bool // Set controlling terminal to fd Ctty (only meaningful if Setsid is set)
23 Noctty bool // Detach fd 0 from controlling terminal
24 Ctty int // Controlling TTY fd (Linux only)
25 Pdeathsig Signal // Signal that the process will get when its parent dies (Linux only)
28 // Fork, dup fd onto 0..len(fd), and exec(argv0, argvv, envv) in child.
29 // If a dup or exec fails, write the errno error to pipe.
30 // (Pipe is close-on-exec so if exec succeeds, it will be closed.)
31 // In the child, this function must not acquire any locks, because
32 // they might have been locked at the time of the fork. This means
33 // no rescheduling, no malloc calls, and no new stack segments.
34 // The calls to RawSyscall are okay because they are assembly
35 // functions that do not grow the stack.
36 func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr *ProcAttr, sys *SysProcAttr, pipe int) (pid int, err Errno) {
37 // Declare all variables at top in case any
38 // declarations require heap allocation (e.g., err1).
46 // Guard against side effects of shuffling fds below.
47 // Make sure that nextfd is beyond any currently open files so
48 // that we can't run the risk of overwriting any of them.
49 fd := make([]int, len(attr.Files))
50 nextfd = len(attr.Files)
51 for i, ufd := range attr.Files {
52 if nextfd < int(ufd) {
59 // About to call fork.
60 // No more allocation or calls of non-assembly functions.
71 // Fork succeeded, now in child.
73 // Parent death signal
74 if sys.Pdeathsig != 0 {
75 _, err1 = raw_prctl(PR_SET_PDEATHSIG, int(sys.Pdeathsig), 0, 0, 0)
80 // Signal self if parent is already dead. This might cause a
81 // duplicate signal in rare cases, but it won't matter when
86 err2 := Kill(pid, sys.Pdeathsig)
94 // Enable tracing if requested.
96 err1 = raw_ptrace(_PTRACE_TRACEME, 0, nil, nil)
112 err1 = raw_setpgid(0, 0)
120 err1 = raw_chroot(chroot)
127 if cred := sys.Credential; cred != nil {
128 ngroups := len(cred.Groups)
130 err2 := setgroups(0, nil)
137 groups := make([]Gid_t, ngroups)
138 for i, v := range cred.Groups {
141 err2 := setgroups(ngroups, &groups[0])
151 err2 := Setgid(int(cred.Gid))
156 err2 = Setuid(int(cred.Uid))
165 err1 = raw_chdir(dir)
171 // Pass 1: look for fd[i] < i and move those up above len(fd)
172 // so that pass 2 won't stomp on an fd it needs later.
174 err1 = raw_dup2(pipe, nextfd)
178 raw_fcntl(nextfd, F_SETFD, FD_CLOEXEC)
182 for i = 0; i < len(fd); i++ {
183 if fd[i] >= 0 && fd[i] < int(i) {
184 err1 = raw_dup2(fd[i], nextfd)
188 raw_fcntl(nextfd, F_SETFD, FD_CLOEXEC)
191 if nextfd == pipe { // don't stomp on pipe
197 // Pass 2: dup fd[i] down onto i.
198 for i = 0; i < len(fd); i++ {
204 // dup2(i, i) won't clear close-on-exec flag on Linux,
205 // probably not elsewhere either.
206 _, err1 = raw_fcntl(fd[i], F_SETFD, 0)
212 // The new fd is created NOT close-on-exec,
213 // which is exactly what we want.
214 err1 = raw_dup2(fd[i], i)
220 // By convention, we don't close-on-exec the fds we are
221 // started with, so if len(fd) < 3, close 0, 1, 2 as needed.
222 // Programs that know they inherit fds >= 3 will need
223 // to set them close-on-exec.
224 for i = len(fd); i < 3; i++ {
228 // Detach fd 0 from tty
230 _, err1 = raw_ioctl(0, TIOCNOTTY, 0)
237 if sys.Setctty && sys.Ctty >= 0 {
238 _, err1 = raw_ioctl(0, TIOCSCTTY, sys.Ctty)
245 err1 = raw_execve(argv0, &argv[0], &envv[0])
248 // send error code on pipe
249 raw_write(pipe, (*byte)(unsafe.Pointer(&err1)), int(unsafe.Sizeof(err1)))
254 // Calling panic is not actually safe,
255 // but the for loop above won't break
256 // and this shuts up the compiler.
260 // Try to open a pipe with O_CLOEXEC set on both file descriptors.
261 func forkExecPipe(p []int) (err error) {
262 err = Pipe2(p, O_CLOEXEC)
263 // pipe2 was added in 2.6.27 and our minimum requirement is 2.6.23, so it
264 // might not be implemented.
266 if err = Pipe(p); err != nil {
269 if _, err = fcntl(p[0], F_SETFD, FD_CLOEXEC); err != nil {
272 _, err = fcntl(p[1], F_SETFD, FD_CLOEXEC)