shim: abort setup on failed start and process exit
All checks were successful
test / test (push) Successful in 25s

Shim setup listens on a socket in the process share, if shim setup hasn't happened on exit revert will fail. This change makes sure shim setup is aborted on a doomed launch.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-10-21 21:23:56 +09:00
parent 42e0b168e3
commit cafed5f234
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 37 additions and 7 deletions

View File

@ -24,6 +24,8 @@ type app struct {
id *ID
// underlying user switcher process
cmd *exec.Cmd
// shim setup abort reason and completion
abort chan error
// child process related information
seal *appSeal
// error returned waiting for process

View File

@ -63,7 +63,8 @@ func (a *app) Start() error {
a.cmd.Stdin, a.cmd.Stdout, a.cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
a.cmd.Dir = a.seal.RunDirPath
if err := shim.ServeConfig(confSockPath, a.seal.sys.UID(), &shim.Payload{
a.abort = make(chan error)
if err := shim.ServeConfig(confSockPath, a.abort, a.seal.sys.UID(), &shim.Payload{
Argv: a.seal.command,
Exec: shimExec,
Bwrap: a.seal.sys.bwrap,
@ -71,6 +72,8 @@ func (a *app) Start() error {
Verbose: fmsg.Verbose(),
}, a.seal.wl); err != nil {
a.abort <- err
<-a.abort
return fmsg.WrapErrorSuffix(err,
"cannot serve shim setup:")
}
@ -232,6 +235,8 @@ func (a *app) Wait() (int, error) {
}
}
a.abort <- errors.New("shim exited")
<-a.abort
if err := a.seal.sys.Revert(ec); err != nil {
return err.(RevertCompoundError)
}

View File

@ -13,7 +13,7 @@ import (
// called in the parent process
func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl *Wayland) error {
if payload.WL {
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
return err
@ -23,9 +23,25 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
}
}
// setup success state accessed by abort
var success bool
if c, err := net.ListenUnix("unix", &net.UnixAddr{Name: socket, Net: "unix"}); err != nil {
return err
} else {
c.SetUnlinkOnClose(true)
go func() {
err1 := <-abort
if !success {
fmsg.VPrintln("aborting shim setup, reason:", err1)
if err1 = c.Close(); err1 != nil {
fmsg.Println("cannot abort shim setup:", err1)
}
}
close(abort)
}()
fmsg.VPrintf("configuring shim on socket %q", socket)
if err = acl.UpdatePerm(socket, uid, acl.Read, acl.Write, acl.Execute); err != nil {
fmsg.Println("cannot change permissions of shim setup socket:", err)
@ -34,7 +50,11 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
go func() {
var conn *net.UnixConn
if conn, err = c.AcceptUnix(); err != nil {
fmsg.Println("cannot accept connection from shim:", err)
if errors.Is(err, net.ErrClosed) {
fmsg.VPrintln("accept failed due to shim setup abort")
} else {
fmsg.Println("cannot accept connection from shim:", err)
}
} else {
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
fmsg.Println("cannot stream shim payload:", err)
@ -70,11 +90,14 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
_ = conn.Close()
}
}
success = true
if err = c.Close(); err != nil {
fmsg.Println("cannot close shim socket:", err)
}
if err = os.Remove(socket); err != nil && !errors.Is(err, os.ErrNotExist) {
fmsg.Println("cannot remove dangling shim socket:", err)
if errors.Is(err, net.ErrClosed) {
fmsg.VPrintln("close failed due to shim setup abort")
} else {
fmsg.Println("cannot close shim socket:", err)
}
}
}()
return nil