Merge "veyron/lib/unixfd: always set close on exec on the created sockpair"
diff --git a/lib/modules/shell.go b/lib/modules/shell.go
index 6ed18d4..c80aae7 100644
--- a/lib/modules/shell.go
+++ b/lib/modules/shell.go
@@ -150,11 +150,14 @@
return nil, err
}
defer cancel()
+ syscall.ForkLock.RLock()
fd, err := syscall.Dup(int(conn.Fd()))
if err != nil {
+ syscall.ForkLock.RUnlock()
return nil, err
}
syscall.CloseOnExec(fd)
+ syscall.ForkLock.RUnlock()
p, err := agent.NewAgentPrincipal(ctx, fd, veyron2.GetClient(ctx))
if err != nil {
return nil, err
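Review bot: The `syscall.ForkLock.RLock()` added before `syscall.Dup` is released by hand on two separate paths, and nothing at the call site says why it is held. A later early return added between the lock and the final `RUnlock()` would leave the read lock held and stall every fork in the process. Moving the dup-and-mark sequence into a small helper with a deferred unlock keeps the pairing in one place and records the intent, which is that a concurrent fork/exec must not inherit the agent descriptor before close-on-exec is set. Separately, `fd` does not appear to be closed on the `NewAgentPrincipal` error return at the end of the hunk, unless that call takes ownership on failure, which is not visible here. The enclosing function starts and ends outside the hunk.

```go
// dupCloseOnExec duplicates fd and marks the copy close-on-exec while holding
// ForkLock, so a concurrent fork/exec cannot inherit the copy in between.
func dupCloseOnExec(fd int) (int, error) {
	syscall.ForkLock.RLock()
	defer syscall.ForkLock.RUnlock()
	nfd, err := syscall.Dup(fd)
	if err != nil {
		return -1, err
	}
	syscall.CloseOnExec(nfd)
	return nfd, nil
}

// … unchanged: context setup and defer cancel() …
fd, err := dupCloseOnExec(int(conn.Fd()))
if err != nil {
	return nil, err
}
// … unchanged: agent.NewAgentPrincipal call …
```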
diff --git a/lib/unixfd/unixfd.go b/lib/unixfd/unixfd.go
index 3611c7a..fd17a93 100644
--- a/lib/unixfd/unixfd.go
+++ b/lib/unixfd/unixfd.go
@@ -173,7 +173,7 @@
// Socketpair returns a pair of connected sockets for communicating with a child process.
func Socketpair() (*net.UnixConn, *os.File, error) {
- lfd, rfd, err := socketpair(false)
+ lfd, rfd, err := socketpair()
if err != nil {
return nil, nil, err
}
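Review bot: Socketpair's doc comment still only says the pair is "for communicating with a child process", while the returned `*os.File` is now always close-on-exec. Callers need to know that the remote end must be handed to the child explicitly, so I would append `// Both ends are close-on-exec; pass the returned file to the child via exec.Cmd.ExtraFiles.` to the comment. The same statement is missing from the SendConnection comment in the later hunk, whose exported signature also loses a parameter, so any caller outside this change will need updating. Socketpair's body continues outside the hunk.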
@@ -188,14 +188,12 @@
return conn.(*net.UnixConn), rfd.releaseFile(), nil
}
-func socketpair(closeRemoteOnExec bool) (local, remote *fileDescriptor, err error) {
+func socketpair() (local, remote *fileDescriptor, err error) {
syscall.ForkLock.RLock()
fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
if err == nil {
syscall.CloseOnExec(fds[0])
- if closeRemoteOnExec {
- syscall.CloseOnExec(fds[1])
- }
+ syscall.CloseOnExec(fds[1])
}
syscall.ForkLock.RUnlock()
if err != nil {
@@ -209,11 +207,11 @@
// the local end of the socketpair.
// Note that the returned address is an open file descriptor,
// which you must close if you do not Dial or Listen to the address.
-func SendConnection(conn *net.UnixConn, data []byte, closeOnExec bool) (addr net.Addr, err error) {
+func SendConnection(conn *net.UnixConn, data []byte) (addr net.Addr, err error) {
if len(data) < 1 {
return nil, errors.New("cannot send a socket without data.")
}
- remote, local, err := socketpair(closeOnExec)
+ remote, local, err := socketpair()
if err != nil {
return nil, err
}
diff --git a/lib/unixfd/unixfd_test.go b/lib/unixfd/unixfd_test.go
index e4c1678..801258c 100644
--- a/lib/unixfd/unixfd_test.go
+++ b/lib/unixfd/unixfd_test.go
@@ -46,7 +46,7 @@
}
func TestDial(t *testing.T) {
- local, remote, err := socketpair(true)
+ local, remote, err := socketpair()
if err != nil {
t.Fatalf("socketpair: %v", err)
}
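Review bot: None of the updated tests checks the property this change is about. `TestDial` here, `TestListen`, and the `SendConnection` call in the later hunks only drop the removed argument. A test that calls `socketpair()` and asserts that `FD_CLOEXEC` is set on both descriptors (an `F_GETFD` query on each) would catch a regression that lets either end leak into an exec'd child. TestDial's body continues outside the hunk.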
@@ -79,7 +79,7 @@
}
func TestListen(t *testing.T) {
- local, remote, err := socketpair(true)
+ local, remote, err := socketpair()
if err != nil {
t.Fatalf("socketpair: %v", err)
}
@@ -149,7 +149,7 @@
}
close(done)
}()
- caddr, err := SendConnection(uclient.(*net.UnixConn), []byte("hello"), true)
+ caddr, err := SendConnection(uclient.(*net.UnixConn), []byte("hello"))
if err != nil {
t.Fatalf("SendConnection: %v", err)
}
diff --git a/security/agent/client.go b/security/agent/client.go
index 87e0849..f3128f9 100644
--- a/security/agent/client.go
+++ b/security/agent/client.go
@@ -67,7 +67,7 @@
}
// This is just an arbitrary 1 byte string. The value is ignored.
data := make([]byte, 1)
- addr, err := unixfd.SendConnection(conn.(*net.UnixConn), data, true)
+ addr, err := unixfd.SendConnection(conn.(*net.UnixConn), data)
if err != nil {
return nil, err
}
diff --git a/security/agent/keymgr/client.go b/security/agent/keymgr/client.go
index 65f175e..b2f34f7 100644
--- a/security/agent/keymgr/client.go
+++ b/security/agent/keymgr/client.go
@@ -7,7 +7,6 @@
"os"
"strconv"
"sync"
- "syscall"
"v.io/core/veyron/lib/unixfd"
"v.io/core/veyron/security/agent/server"
@@ -42,7 +41,6 @@
if err != nil {
return nil, err
}
- syscall.CloseOnExec(int(file.Fd()))
conn, err := net.FileConn(file)
if err != nil {
return nil, err
@@ -91,8 +89,7 @@
}
func (a *Agent) connect(req []byte) (*os.File, error) {
- // We're passing this to a child, so no CLOEXEC.
- addr, err := unixfd.SendConnection(a.conn, req, false)
+ addr, err := unixfd.SendConnection(a.conn, req)
if err != nil {
return nil, err
}
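Review bot: `connect` loses the comment `// We're passing this to a child, so no CLOEXEC.` without a replacement, yet the descriptor it returns is now close-on-exec and still seems to be meant for a child. If callers hand the file over through `exec.Cmd.ExtraFiles` (or `os.ProcAttr.Files`) the child still receives it, but anything that relied on plain inheritance across exec will silently stop working. A comment such as `// The returned file is close-on-exec; pass it to the child explicitly via ExtraFiles.` would document the new contract. The earlier hunk in this file also removes `syscall.CloseOnExec(int(file.Fd()))`; where `file` comes from is not visible, so it is worth confirming that descriptor is already close-on-exec. connect's body continues past the hunk.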