shim: abort setup on failed start and process exit
All checks were successful
test / test (push) Successful in 25s
All checks were successful
test / test (push) Successful in 25s
Shim setup listens on a socket in the process share, if shim setup hasn't happened on exit revert will fail. This change makes sure shim setup is aborted on a doomed launch. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
42e0b168e3
commit
cafed5f234
@ -24,6 +24,8 @@ type app struct {
|
|||||||
id *ID
|
id *ID
|
||||||
// underlying user switcher process
|
// underlying user switcher process
|
||||||
cmd *exec.Cmd
|
cmd *exec.Cmd
|
||||||
|
// shim setup abort reason and completion
|
||||||
|
abort chan error
|
||||||
// child process related information
|
// child process related information
|
||||||
seal *appSeal
|
seal *appSeal
|
||||||
// error returned waiting for process
|
// error returned waiting for process
|
||||||
|
@ -63,7 +63,8 @@ func (a *app) Start() error {
|
|||||||
a.cmd.Stdin, a.cmd.Stdout, a.cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
|
a.cmd.Stdin, a.cmd.Stdout, a.cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
|
||||||
a.cmd.Dir = a.seal.RunDirPath
|
a.cmd.Dir = a.seal.RunDirPath
|
||||||
|
|
||||||
if err := shim.ServeConfig(confSockPath, a.seal.sys.UID(), &shim.Payload{
|
a.abort = make(chan error)
|
||||||
|
if err := shim.ServeConfig(confSockPath, a.abort, a.seal.sys.UID(), &shim.Payload{
|
||||||
Argv: a.seal.command,
|
Argv: a.seal.command,
|
||||||
Exec: shimExec,
|
Exec: shimExec,
|
||||||
Bwrap: a.seal.sys.bwrap,
|
Bwrap: a.seal.sys.bwrap,
|
||||||
@ -71,6 +72,8 @@ func (a *app) Start() error {
|
|||||||
|
|
||||||
Verbose: fmsg.Verbose(),
|
Verbose: fmsg.Verbose(),
|
||||||
}, a.seal.wl); err != nil {
|
}, a.seal.wl); err != nil {
|
||||||
|
a.abort <- err
|
||||||
|
<-a.abort
|
||||||
return fmsg.WrapErrorSuffix(err,
|
return fmsg.WrapErrorSuffix(err,
|
||||||
"cannot serve shim setup:")
|
"cannot serve shim setup:")
|
||||||
}
|
}
|
||||||
@ -232,6 +235,8 @@ func (a *app) Wait() (int, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
a.abort <- errors.New("shim exited")
|
||||||
|
<-a.abort
|
||||||
if err := a.seal.sys.Revert(ec); err != nil {
|
if err := a.seal.sys.Revert(ec); err != nil {
|
||||||
return err.(RevertCompoundError)
|
return err.(RevertCompoundError)
|
||||||
}
|
}
|
||||||
|
@ -13,7 +13,7 @@ import (
|
|||||||
|
|
||||||
// called in the parent process
|
// called in the parent process
|
||||||
|
|
||||||
func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
|
func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl *Wayland) error {
|
||||||
if payload.WL {
|
if payload.WL {
|
||||||
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
|
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
|
||||||
return err
|
return err
|
||||||
@ -23,9 +23,25 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setup success state accessed by abort
|
||||||
|
var success bool
|
||||||
|
|
||||||
if c, err := net.ListenUnix("unix", &net.UnixAddr{Name: socket, Net: "unix"}); err != nil {
|
if c, err := net.ListenUnix("unix", &net.UnixAddr{Name: socket, Net: "unix"}); err != nil {
|
||||||
return err
|
return err
|
||||||
} else {
|
} else {
|
||||||
|
c.SetUnlinkOnClose(true)
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
err1 := <-abort
|
||||||
|
if !success {
|
||||||
|
fmsg.VPrintln("aborting shim setup, reason:", err1)
|
||||||
|
if err1 = c.Close(); err1 != nil {
|
||||||
|
fmsg.Println("cannot abort shim setup:", err1)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close(abort)
|
||||||
|
}()
|
||||||
|
|
||||||
fmsg.VPrintf("configuring shim on socket %q", socket)
|
fmsg.VPrintf("configuring shim on socket %q", socket)
|
||||||
if err = acl.UpdatePerm(socket, uid, acl.Read, acl.Write, acl.Execute); err != nil {
|
if err = acl.UpdatePerm(socket, uid, acl.Read, acl.Write, acl.Execute); err != nil {
|
||||||
fmsg.Println("cannot change permissions of shim setup socket:", err)
|
fmsg.Println("cannot change permissions of shim setup socket:", err)
|
||||||
@ -34,7 +50,11 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
|
|||||||
go func() {
|
go func() {
|
||||||
var conn *net.UnixConn
|
var conn *net.UnixConn
|
||||||
if conn, err = c.AcceptUnix(); err != nil {
|
if conn, err = c.AcceptUnix(); err != nil {
|
||||||
|
if errors.Is(err, net.ErrClosed) {
|
||||||
|
fmsg.VPrintln("accept failed due to shim setup abort")
|
||||||
|
} else {
|
||||||
fmsg.Println("cannot accept connection from shim:", err)
|
fmsg.Println("cannot accept connection from shim:", err)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
|
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
|
||||||
fmsg.Println("cannot stream shim payload:", err)
|
fmsg.Println("cannot stream shim payload:", err)
|
||||||
@ -70,11 +90,14 @@ func ServeConfig(socket string, uid int, payload *Payload, wl *Wayland) error {
|
|||||||
_ = conn.Close()
|
_ = conn.Close()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
success = true
|
||||||
if err = c.Close(); err != nil {
|
if err = c.Close(); err != nil {
|
||||||
|
if errors.Is(err, net.ErrClosed) {
|
||||||
|
fmsg.VPrintln("close failed due to shim setup abort")
|
||||||
|
} else {
|
||||||
fmsg.Println("cannot close shim socket:", err)
|
fmsg.Println("cannot close shim socket:", err)
|
||||||
}
|
}
|
||||||
if err = os.Remove(socket); err != nil && !errors.Is(err, os.ErrNotExist) {
|
|
||||||
fmsg.Println("cannot remove dangling shim socket:", err)
|
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
return nil
|
return nil
|
||||||
|
Loading…
Reference in New Issue
Block a user