bunpen: pasta: fix to send the full 4bytes of the netns fd across the pipe

2024-12-30 13:46:40 +00:00
parent 93782cd71c
commit da27a0e857
1 changed files with 16 additions and 5 deletions
--- a/pkgs/by-name/bunpen/restrict/pasta.ha
+++ b/pkgs/by-name/bunpen/restrict/pasta.ha
@@ -53,8 +53,13 @@ fn pasta_restrict(net: resources::net_subset) void = {
      capability_restrict(rt::ext::CAPS_NONE);

      // let the other thread know we're ready for pasta to attach to us
-      assert(netns_fd < 256); // FIXME: encode fd as 4xu8 instead of just one u8
-      io::write(pipe_parent_wr, [netns_fd: u8])!;
+      let netns_fd_bytes = [
+        netns_fd: u8,
+        (netns_fd >> 8): u8,
+        (netns_fd >> 16): u8,
+        (netns_fd >> 24): u8,
+      ];
+      io::write(pipe_parent_wr, netns_fd_bytes)!;

      // wait for the other thread to attach pasta.
      // pasta signals readiness by writing its pid (followed by \n) to a file.
@@ -77,11 +82,17 @@ fn pasta_restrict(net: resources::net_subset) void = {
      );

      // wait for the parent to signal that it's ready for us to attach pasta.
-      let netns_u8 = [0u8];
-      io::readall(pipe_child_rd, &netns_u8)!;
+      let netns_child_fd_bytes: [4]u8 = [0...];
+      io::readall(pipe_child_rd, &netns_child_fd_bytes)!;
+      let netns_child_fd: int = (
+        (netns_child_fd_bytes[0]: int) |
+        (netns_child_fd_bytes[1]: int << 8) |
+        (netns_child_fd_bytes[1]: int << 16) |
+        (netns_child_fd_bytes[1]: int << 24)
+      );
      let netns = errors::ext::check_int(
        "setup_pasta: pidfd_getfd(parent_pidfd, netns_u8)",
-        rt::ext::pidfd_getfd(parent_pidfd, netns_u8[0]: int),
+        rt::ext::pidfd_getfd(parent_pidfd, netns_child_fd),
      );

      // exec into pasta.