bunpen: pasta: never outlive the parent bunpen lifetime
This commit is contained in:
@@ -30,7 +30,7 @@ fn setup_pasta(net: restrict::net_subset) void = {
|
|||||||
|
|
||||||
let (pipe_parent_rd, pipe_child_wr) = unix::pipe()!;
|
let (pipe_parent_rd, pipe_child_wr) = unix::pipe()!;
|
||||||
log::printfln("[namespace/pasta]: forking: parent will launch pasta while child will exec user code");
|
log::printfln("[namespace/pasta]: forking: parent will launch pasta while child will exec user code");
|
||||||
match (os::exec::fork()) {
|
match (fork_and_die_with_parent()) {
|
||||||
case let child_pid: os::exec::process =>
|
case let child_pid: os::exec::process =>
|
||||||
io::close(pipe_child_wr)!;
|
io::close(pipe_child_wr)!;
|
||||||
|
|
||||||
@@ -58,14 +58,14 @@ fn setup_pasta(net: restrict::net_subset) void = {
|
|||||||
// though pasta hasn't created the device.
|
// though pasta hasn't created the device.
|
||||||
io::close(pipe_child_wr)!;
|
io::close(pipe_child_wr)!;
|
||||||
|
|
||||||
case let e: os::exec::error =>
|
case let e: (os::exec::error | rt::errno) =>
|
||||||
errors::ext::check("setup_pasta: fork", e);
|
errors::ext::check("setup_pasta: fork", e);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
// spawn pasta as a separate process, and have it attach to the netns of the given pid.
|
// spawn pasta as a separate process, and have it attach to the netns of the given pid.
|
||||||
fn attach_pasta(net: restrict::net_subset, child: os::exec::process) (void | os::exec::error | rt::errno) = {
|
fn attach_pasta(net: restrict::net_subset, child: os::exec::process) (void | os::exec::error | rt::errno) = {
|
||||||
return match (os::exec::fork()?) {
|
return match (fork_and_die_with_parent()?) {
|
||||||
case let pasta_pid: os::exec::process => yield void;
|
case let pasta_pid: os::exec::process => yield void;
|
||||||
case void =>
|
case void =>
|
||||||
// pasta needs permissions to create a device in the netns (it apparently
|
// pasta needs permissions to create a device in the netns (it apparently
|
||||||
|
Reference in New Issue
Block a user