Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package conmon for openSUSE:Factory checked 
in at 2021-03-02 12:26:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/conmon (Old)
 and      /work/SRC/openSUSE:Factory/.conmon.new.2378 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "conmon"

Tue Mar  2 12:26:23 2021 rev:19 rq:875202 version:2.0.26

Changes:
--------
--- /work/SRC/openSUSE:Factory/conmon/conmon.changes    2021-01-19 
15:59:55.439174061 +0100
+++ /work/SRC/openSUSE:Factory/.conmon.new.2378/conmon.changes  2021-03-02 
12:27:51.591446232 +0100
@@ -1,0 +2,17 @@
+Thu Feb 25 15:41:49 UTC 2021 - Alexandre Vicenzi <[email protected]>
+
+- Update to version 2.0.26:
+  * conn_sock: do not fail on EAGAIN
+  * fix segfault from a double freed pointer
+  * Fix a bug where conmon could never spawn a container, because
+    a disagreement between the caller and itself on where the attach
+    socket was.
+  * improve --full-attach to ignore the socket-dir directly. that
+    means callers don't need to specify a socket dir at all (and
+    can remove it)
+  * add full-attach option to allow callers to not truncate a very
+    long path for the attach socket
+  * close only opened FDs
+  * set locale to inherit environment
+
+-------------------------------------------------------------------

Old:
----
  conmon-2.0.22.tar.xz

New:
----
  conmon-2.0.26.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ conmon.spec ++++++
--- /var/tmp/diff_new_pack.qi8a0M/_old  2021-03-02 12:27:52.147446728 +0100
+++ /var/tmp/diff_new_pack.qi8a0M/_new  2021-03-02 12:27:52.151446733 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           conmon
-Version:        2.0.22
+Version:        2.0.26
 Release:        0
 Summary:        An OCI container runtime monitor
 License:        Apache-2.0
@@ -25,7 +25,7 @@
 URL:            https://github.com/containers/conmon
 Source0:        %{name}-%{version}.tar.xz
 BuildRequires:  glib2-devel
-BuildRequires:  golang(API) >= 1.15
+BuildRequires:  golang(API) >= 1.16
 BuildRequires:  pkgconfig(libsystemd)
 
 %description

++++++ _service ++++++
--- /var/tmp/diff_new_pack.qi8a0M/_old  2021-03-02 12:27:52.171446750 +0100
+++ /var/tmp/diff_new_pack.qi8a0M/_new  2021-03-02 12:27:52.171446750 +0100
@@ -4,7 +4,7 @@
 <param name="scm">git</param>
 <param name="versionformat">@PARENT_TAG@</param>
 <param name="versionrewrite-pattern">[v]?([^\+]+)(.*)</param>
-<param name="revision">v2.0.22</param>
+<param name="revision">v2.0.26</param>
 <param name="changesgenerate">enable</param>
 </service>
 <service name="recompress" mode="disabled">

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.qi8a0M/_old  2021-03-02 12:27:52.187446764 +0100
+++ /var/tmp/diff_new_pack.qi8a0M/_new  2021-03-02 12:27:52.187446764 +0100
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/containers/conmon</param>
-              <param 
name="changesrevision">9c34a8663b85e479e0c083801e89a2b2835228ed</param></service></servicedata>
\ No newline at end of file
+              <param 
name="changesrevision">0e155c83aa739ef0a0540ec9f9d265f57f68038b</param></service></servicedata>

++++++ conmon-2.0.22.tar.xz -> conmon-2.0.26.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/Makefile new/conmon-2.0.26/Makefile
--- old/conmon-2.0.22/Makefile  2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/Makefile  2021-02-03 19:32:15.000000000 +0100
@@ -6,7 +6,7 @@
 PROJECT := github.com/containers/conmon
 PKG_CONFIG ?= pkg-config
 HEADERS := $(wildcard src/*.h)
-OBJS := src/conmon.o src/cmsg.o src/ctr_logging.o src/utils.o src/cli.o 
src/globals.o src/cgroup.o src/conn_sock.o src/oom.o src/ctrl.o src/ctr_stdio.o 
src/parent_pipe_fd.o src/ctr_exit.o src/runtime_args.o
+OBJS := src/conmon.o src/cmsg.o src/ctr_logging.o src/utils.o src/cli.o 
src/globals.o src/cgroup.o src/conn_sock.o src/oom.o src/ctrl.o src/ctr_stdio.o 
src/parent_pipe_fd.o src/ctr_exit.o src/runtime_args.o src/close_fds.o
 DEBUGTAG ?=
 ifneq (,$(findstring enable_debug,$(DEBUGTAG)))
        DEBUGFLAG=-g
@@ -52,7 +52,7 @@
 # Update nix/nixpkgs.json its latest stable commit
 .PHONY: nixpkgs
 nixpkgs:
-       @nix run -f channel:nixos-20.03 nix-prefetch-git -c nix-prefetch-git \
+       @nix run -f channel:nixos-20.09 nix-prefetch-git -c nix-prefetch-git \
                --no-deepClone https://github.com/nixos/nixpkgs > 
nix/nixpkgs.json
 
 # Build statically linked binary
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/VERSION new/conmon-2.0.26/VERSION
--- old/conmon-2.0.22/VERSION   2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/VERSION   2021-02-03 19:32:15.000000000 +0100
@@ -1 +1 @@
-2.0.22
+2.0.26
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/docs/Makefile 
new/conmon-2.0.26/docs/Makefile
--- old/conmon-2.0.22/docs/Makefile     2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/docs/Makefile     2021-02-03 19:32:15.000000000 +0100
@@ -1,4 +1,4 @@
-PREFIX := /usr/local
+PREFIX ?= /usr/local
 DATADIR := ${PREFIX}/share
 MANDIR := $(DATADIR)/man
 GOMD2MAN = ../tools/build/go-md2man
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/meson.build 
new/conmon-2.0.26/meson.build
--- old/conmon-2.0.22/meson.build       2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/meson.build       2021-02-03 19:32:15.000000000 +0100
@@ -58,6 +58,8 @@
             'src/ctr_stdio.h',
             'src/globals.c',
             'src/globals.h',
+            'src/close_fds.c',
+            'src/close_fds.h',
             'src/oom.c',
             'src/oom.h',
             'src/parent_pipe_fd.c',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/nix/default.nix 
new/conmon-2.0.26/nix/default.nix
--- old/conmon-2.0.22/nix/default.nix   2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/nix/default.nix   2021-02-03 19:32:15.000000000 +0100
@@ -59,10 +59,10 @@
     doCheck = false;
     enableParallelBuilding = true;
     outputs = [ "out" ];
-    nativeBuildInputs = [ bash git pcre pkg-config which ];
+    nativeBuildInputs = [ bash gitMinimal pcre pkg-config which ];
     buildInputs = [ glibc glibc.static glib ];
     prePatch = ''
-      export CFLAGS='-static'
+      export CFLAGS='-static -pthread'
       export LDFLAGS='-s -w -static-libgcc -static'
       export EXTRA_LDFLAGS='-s -w -linkmode external -extldflags "-static -lm"'
     '';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/nix/nixpkgs.json 
new/conmon-2.0.26/nix/nixpkgs.json
--- old/conmon-2.0.22/nix/nixpkgs.json  2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/nix/nixpkgs.json  2021-02-03 19:32:15.000000000 +0100
@@ -1,7 +1,10 @@
 {
   "url": "https://github.com/nixos/nixpkgs";,
-  "rev": "6e089d30148953df7abb3a1167169afc7848499c",
-  "date": "2020-11-05T09:56:30+01:00",
-  "sha256": "0ydqjkz7payl16psx445jwh6dc6lgbvj2w11xin1dqvbpcp03jcy",
-  "fetchSubmodules": false
+  "rev": "30c2fb65feaf1068b1c413a0b75470afd351c291",
+  "date": "2021-01-28T21:27:34-05:00",
+  "path": "/nix/store/zk71rlw37vg9hqc5j0vqi9x8qzb2ir0m-nixpkgs",
+  "sha256": "0b1y1lgzbagpgh9cvi9szkm162laifz0q2ss4pibns3j3gqpf5gl",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/cgroup.c 
new/conmon-2.0.26/src/cgroup.c
--- old/conmon-2.0.22/src/cgroup.c      2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/cgroup.c      2021-02-03 19:32:15.000000000 +0100
@@ -21,7 +21,8 @@
 
 #define CGROUP_ROOT "/sys/fs/cgroup"
 
-static int oom_event_fd = -1;
+int oom_event_fd = -1;
+int oom_cgroup_fd = -1;
 
 static char *process_cgroup_subsystem_path(int pid, bool cgroup2, const char 
*subsystem);
 static void setup_oom_handling_cgroup_v2(int pid);
@@ -147,14 +148,14 @@
 
        _cleanup_free_ char *memory_cgroup_file_oom_path = 
g_build_filename(memory_cgroup_path, "memory.oom_control", NULL);
 
-       int ofd = open(memory_cgroup_file_oom_path, O_RDONLY | O_CLOEXEC); /* 
Not closed */
-       if (ofd == -1)
+       oom_cgroup_fd = open(memory_cgroup_file_oom_path, O_RDONLY | 
O_CLOEXEC); /* Not closed */
+       if (oom_cgroup_fd == -1)
                pexitf("Failed to open %s", memory_cgroup_file_oom_path);
 
        if ((oom_event_fd = eventfd(0, EFD_CLOEXEC)) == -1)
                pexit("Failed to create eventfd");
 
-       _cleanup_free_ char *data = g_strdup_printf("%d %d", oom_event_fd, ofd);
+       _cleanup_free_ char *data = g_strdup_printf("%d %d", oom_event_fd, 
oom_cgroup_fd);
        if (write_all(cfd, data, strlen(data)) < 0)
                pexit("Failed to write to cgroup.event_control");
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/cgroup.h 
new/conmon-2.0.26/src/cgroup.h
--- old/conmon-2.0.22/src/cgroup.h      2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/cgroup.h      2021-02-03 19:32:15.000000000 +0100
@@ -3,6 +3,9 @@
 
 #include <glib.h> /* gboolean */
 
+extern int oom_cgroup_fd;
+extern int oom_event_fd;
+
 void setup_oom_handling(int pid);
 gboolean conn_sock_cb(int fd, GIOCondition condition, gpointer user_data);
 gboolean check_cgroup2_oom();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/cli.c new/conmon-2.0.26/src/cli.c
--- old/conmon-2.0.22/src/cli.c 2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/cli.c 2021-02-03 19:32:15.000000000 +0100
@@ -49,6 +49,7 @@
 gboolean opt_sync = FALSE;
 gboolean opt_no_sync_log = FALSE;
 char *opt_sdnotify_socket = NULL;
+gboolean opt_full_attach_path = FALSE;
 GOptionEntry opt_entries[] = {
        {"api-version", 0, 0, G_OPTION_ARG_NONE, &opt_api_version, "Conmon API 
version to use", NULL},
        {"bundle", 'b', 0, G_OPTION_ARG_STRING, &opt_bundle_path, "Location of 
the OCI Bundle path", NULL},
@@ -97,6 +98,8 @@
        {"terminal", 't', 0, G_OPTION_ARG_NONE, &opt_terminal, "Allocate a 
pseudo-TTY. The default is false", NULL},
        {"timeout", 'T', 0, G_OPTION_ARG_INT, &opt_timeout, "Kill container 
after specified timeout in seconds.", NULL},
        {"version", 0, 0, G_OPTION_ARG_NONE, &opt_version, "Print the version 
and exit", NULL},
+       {"full-attach", 0, 0, G_OPTION_ARG_NONE, &opt_full_attach_path,
+        "Don't truncate the path to the attach socket. This option causes 
conmon to ignore --socket-dir-path", NULL},
        {NULL, 0, 0, 0, NULL, NULL, NULL}};
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/cli.h new/conmon-2.0.26/src/cli.h
--- old/conmon-2.0.22/src/cli.h 2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/cli.h 2021-02-03 19:32:15.000000000 +0100
@@ -44,6 +44,7 @@
 extern gboolean opt_sync;
 extern char *opt_sdnotify_socket;
 extern GOptionEntry opt_entries[];
+extern gboolean opt_full_attach_path;
 
 int initialize_cli(int argc, char *argv[]);
 void process_cli();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/close_fds.c 
new/conmon-2.0.26/src/close_fds.c
--- old/conmon-2.0.22/src/close_fds.c   1970-01-01 01:00:00.000000000 +0100
+++ new/conmon-2.0.26/src/close_fds.c   2021-02-03 19:32:15.000000000 +0100
@@ -0,0 +1,83 @@
+#define _GNU_SOURCE
+#if __STDC_VERSION__ >= 199901L
+/* C99 or later */
+#else
+#error conmon.c requires C99 or later
+#endif
+
+#include "utils.h"
+#include "ctr_logging.h"
+#include "cgroup.h"
+#include "cli.h"
+#include "globals.h"
+#include "oom.h"
+#include "conn_sock.h"
+#include "ctrl.h"
+#include "ctr_stdio.h"
+#include "config.h"
+#include "parent_pipe_fd.h"
+#include "ctr_exit.h"
+#include "close_fds.h"
+#include "runtime_args.h"
+
+#include <sys/prctl.h>
+#include <sys/stat.h>
+
+static int open_files_max_fd;
+static fd_set *open_files_set;
+
+static void __attribute__((constructor)) init()
+{
+       struct dirent *ent;
+       ssize_t size = 0;
+       DIR *d;
+
+       /* Store how many FDs were open before the Go runtime kicked in.  */
+       d = opendir("/proc/self/fd");
+       if (!d)
+               return;
+
+       for (ent = readdir(d); ent; ent = readdir(d)) {
+               int fd;
+
+               if (ent->d_name[0] == '.')
+                       continue;
+
+               fd = atoi(ent->d_name);
+               if (fd == dirfd(d))
+                       continue;
+
+               if (fd >= size * FD_SETSIZE) {
+                       int i;
+                       ssize_t new_size;
+
+                       new_size = (fd / FD_SETSIZE) + 1;
+                       open_files_set = realloc(open_files_set, new_size * 
sizeof(fd_set));
+                       if (open_files_set == NULL)
+                               _exit(EXIT_FAILURE);
+
+                       for (i = size; i < new_size; i++)
+                               FD_ZERO(&(open_files_set[i]));
+
+                       size = new_size;
+               }
+
+               if (fd > open_files_max_fd)
+                       open_files_max_fd = fd;
+
+               FD_SET(fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE]));
+       }
+       closedir(d);
+}
+
+void close_other_fds()
+{
+       int fd;
+
+       for (fd = 3; fd < open_files_max_fd; fd++) {
+               if (open_files_set == NULL || FD_ISSET(fd % FD_SETSIZE, 
&(open_files_set[fd / FD_SETSIZE])))
+                       if (fd == sync_pipe_fd || fd == attach_pipe_fd || fd == 
dev_null_r || fd == dev_null_w || fd == oom_cgroup_fd
+                           || fd == oom_event_fd)
+                               close(fd);
+       }
+}
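Review bot: The inner condition in close_other_fds() looks inverted: `close(fd)` runs only when fd equals sync_pipe_fd, attach_pipe_fd, dev_null_r, dev_null_w, oom_cgroup_fd or oom_event_fd, whereas the loop this commit removes from main() in src/conmon.c skipped exactly those descriptors and closed the others. As written, descriptors recorded by init() as inherited stay open while the ones conmon still needs are closed, and dev_null_r/dev_null_w would presumably be closed a second time through the `_cleanup_close_` copies kept in main(). The test should probably read `if (fd != sync_pipe_fd && fd != attach_pipe_fd && fd != dev_null_r && fd != dev_null_w && fd != oom_cgroup_fd && fd != oom_event_fd)`. The bound `fd < open_files_max_fd` also never visits the highest descriptor recorded by init(); `fd <= open_files_max_fd` would. The src/conmon.c hunk that replaces the old loop with `close_other_fds();` inherits the same problem.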
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/close_fds.h 
new/conmon-2.0.26/src/close_fds.h
--- old/conmon-2.0.22/src/close_fds.h   1970-01-01 01:00:00.000000000 +0100
+++ new/conmon-2.0.26/src/close_fds.h   2021-02-03 19:32:15.000000000 +0100
@@ -0,0 +1 @@
+void close_other_fds();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/conmon.c 
new/conmon-2.0.26/src/conmon.c
--- old/conmon-2.0.22/src/conmon.c      2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/conmon.c      2021-02-03 19:32:15.000000000 +0100
@@ -17,18 +17,21 @@
 #include "config.h"
 #include "parent_pipe_fd.h"
 #include "ctr_exit.h"
+#include "close_fds.h"
 #include "runtime_args.h"
 
 #include <sys/prctl.h>
 #include <sys/stat.h>
+#include <locale.h>
 
 int main(int argc, char *argv[])
 {
+       setlocale(LC_ALL, "");
        _cleanup_gerror_ GError *err = NULL;
        char buf[BUF_SIZE];
        int num_read;
-       _cleanup_close_ int dev_null_r = -1;
-       _cleanup_close_ int dev_null_w = -1;
+       _cleanup_close_ int dev_null_r_cleanup = -1;
+       _cleanup_close_ int dev_null_w_cleanup = -1;
        _cleanup_close_ int dummyfd = -1;
 
        int initialize_ec = initialize_cli(argc, argv);
@@ -58,11 +61,11 @@
                        close(start_pipe_fd);
        }
 
-       dev_null_r = open("/dev/null", O_RDONLY | O_CLOEXEC);
+       dev_null_r_cleanup = dev_null_r = open("/dev/null", O_RDONLY | 
O_CLOEXEC);
        if (dev_null_r < 0)
                pexit("Failed to open /dev/null");
 
-       dev_null_w = open("/dev/null", O_WRONLY | O_CLOEXEC);
+       dev_null_w_cleanup = dev_null_w = open("/dev/null", O_WRONLY | 
O_CLOEXEC);
        if (dev_null_w < 0)
                pexit("Failed to open /dev/null");
 
@@ -97,7 +100,6 @@
        /* Environment variables */
        sync_pipe_fd = get_pipe_fd_from_env("_OCI_SYNCPIPE");
 
-       int attach_pipe_fd = -1;
        if (opt_attach) {
                attach_pipe_fd = get_pipe_fd_from_env("_OCI_ATTACHPIPE");
                if (attach_pipe_fd < 0) {
@@ -167,7 +169,8 @@
                /* now that we've set mainfd_stdout, we can register the 
ctrl_winsz_cb
                 * if we didn't set it here, we'd risk attempting to run ioctl 
on
                 * a negative fd, and fail to resize the window */
-               g_unix_fd_add(winsz_fd_r, G_IO_IN, ctrl_winsz_cb, NULL);
+               if (winsz_fd_r >= 0)
+                       g_unix_fd_add(winsz_fd_r, G_IO_IN, ctrl_winsz_cb, NULL);
        }
 
        /* We always create a stderr pipe, because that way we can capture
@@ -464,24 +467,8 @@
         * the container runs.  Close them before we notify the container 
exited, so that they can be
         * reused immediately.
         */
-       DIR *fdsdir = opendir("/proc/self/fd");
-       if (fdsdir != NULL) {
-               int fd;
-               int dfd = dirfd(fdsdir);
-               struct dirent *next;
-
-               for (next = readdir(fdsdir); next; next = readdir(fdsdir)) {
-                       const char *name = next->d_name;
-                       if (name[0] == '.')
-                               continue;
-
-                       fd = strtoll(name, NULL, 10);
-                       if (fd == dfd || fd == sync_pipe_fd || fd == 
attach_pipe_fd || fd == dev_null_r || fd == dev_null_w)
-                               continue;
-                       close(fd);
-               }
-               closedir(fdsdir);
-       }
+       close_other_fds();
+       close_all_readers();
 
        _cleanup_free_ char *status_str = g_strdup_printf("%d", exit_status);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/conn_sock.c 
new/conmon-2.0.26/src/conn_sock.c
--- old/conmon-2.0.22/src/conn_sock.c   2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/conn_sock.c   2021-02-03 19:32:15.000000000 +0100
@@ -22,7 +22,9 @@
 static void schedule_local_sock_write(struct local_sock_s *local_sock);
 static void sock_try_write_to_local_sock(struct remote_sock_s *sock);
 static gboolean local_sock_write_cb(G_GNUC_UNUSED int fd, G_GNUC_UNUSED 
GIOCondition condition, G_GNUC_UNUSED gpointer user_data);
-static char *bind_unix_socket(char *socket_relative_name, int sock_type, 
mode_t perms, struct remote_sock_s *remote_sock);
+static char *bind_unix_socket(char *socket_relative_name, int sock_type, 
mode_t perms, struct remote_sock_s *remote_sock,
+                             gboolean use_full_attach_path);
+static char *socket_parent_dir(gboolean use_full_attach_path, size_t 
desired_len);
 /*
   Since our socket handling is abstract now, handling is based on sock_type, 
so we can pass around a structure
   that contains everything we need to handle I/O.  Callbacks used to handle 
IO, for example, and whether this
@@ -74,7 +76,7 @@
 {
        struct sockaddr_un addr = {0};
        _cleanup_free_ const char *tmpdir = g_get_tmp_dir();
-       _cleanup_free_ char *csname = g_build_filename(tmpdir, 
"conmon-term.XXXXXX", NULL);
+       char *csname = g_build_filename(tmpdir, "conmon-term.XXXXXX", NULL);
        /*
         * Generate a temporary name. Is this unsafe? Probably, but we can
         * replace it with a rename(2) setup if necessary.
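Review bot: The context line `_cleanup_free_ const char *tmpdir = g_get_tmp_dir();` is left untouched while the ownership of csname is reworked, but g_get_tmp_dir() returns a string owned by GLib that must not be freed. If `_cleanup_free_` frees the pointer at scope exit, as its use on g_strdup_printf() results elsewhere in this diff suggests, this is an invalid free every time setup_console_socket() returns. Dropping the attribute, `const char *tmpdir = g_get_tmp_dir();`, would fix it. The function body starts before and continues past this hunk.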
@@ -104,12 +106,13 @@
        if (listen(console_socket_fd, 128) < 0)
                pexit("Failed to listen on console-socket");
 
-       return g_strdup(csname);
+       return csname;
 }
 
 char *setup_attach_socket(void)
 {
-       char *symlink_dir_path = bind_unix_socket("attach", SOCK_SEQPACKET | 
SOCK_NONBLOCK | SOCK_CLOEXEC, 0700, &remote_attach_sock);
+       char *symlink_dir_path =
+               bind_unix_socket("attach", SOCK_SEQPACKET | SOCK_NONBLOCK | 
SOCK_CLOEXEC, 0700, &remote_attach_sock, opt_full_attach_path);
 
        if (listen(remote_attach_sock.fd, 10) == -1)
                pexitf("Failed to listen on attach socket: %s/%s", 
symlink_dir_path, "attach");
@@ -134,53 +137,49 @@
        /* No _cleanup_free_ here so we don't get a warning about unused 
variables
         * when compiling with clang */
        char *symlink_dir_path =
-               bind_unix_socket("notify/notify.sock", SOCK_DGRAM | 
SOCK_NONBLOCK | SOCK_CLOEXEC, 0777, &remote_notify_sock);
+               bind_unix_socket("notify/notify.sock", SOCK_DGRAM | 
SOCK_NONBLOCK | SOCK_CLOEXEC, 0777, &remote_notify_sock, TRUE);
        g_unix_fd_add(remote_notify_sock.fd, G_IO_IN | G_IO_HUP | G_IO_ERR, 
remote_sock_cb, &remote_notify_sock);
 
        g_free(symlink_dir_path);
 }
 
 /* REMEMBER to g_free() the return value! */
-static char *bind_unix_socket(char *socket_relative_name, int sock_type, 
mode_t perms, struct remote_sock_s *remote_sock)
+static char *bind_unix_socket(char *socket_relative_name, int sock_type, 
mode_t perms, struct remote_sock_s *remote_sock,
+                             gboolean use_full_attach_path)
 {
        int socket_fd = -1;
        struct sockaddr_un socket_addr = {0};
        socket_addr.sun_family = AF_UNIX;
-       _cleanup_free_ char *cwd = NULL;
 
-       /*
-        * Create a symlink so we don't exceed unix domain socket
-        * path length limit.
-        *
-        * We do NOT free this because it's returned to the parent, who is 
responsible for freeing it!
-        */
-       char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL);
+       /* get the parent_dir of the socket. We'll use this to get the location 
of the socket. */
+       char *parent_dir = socket_parent_dir(use_full_attach_path, 
sizeof(socket_addr.sun_path));
 
        /*
-        * Create a symlink so we don't exceed unix domain socket
-        * path length limit.  We use the base path passed in from our parent.
+        * To be able to access the location of the attach socket, without 
first creating the attach socket
+        * but also be able to handle arbitrary length paths, we open the 
parent dir (base_path), and then use
+        * the corresponding entry in `/proc/self/fd` to act as the path to 
base_path, then we use the socket_relative_name
+        * to actually refer to the file where the socket will be created below.
         */
-       if (unlink(base_path) == -1 && errno != ENOENT)
-               pexitf("Failed to remove existing symlink for socket directory 
%s", base_path);
+       _cleanup_close_ int parent_dir_fd = open(parent_dir, O_PATH);
+       if (parent_dir_fd < 0)
+               pexitf("failed to open socket path parent dir %s", parent_dir);
 
-       if (symlink(opt_bundle_path, base_path) == -1)
-               pexit("Failed to create symlink for notify socket");
+       _cleanup_free_ char *sock_proc_entry = 
g_strdup_printf("/proc/self/fd/%d/%s", parent_dir_fd, socket_relative_name);
+       strncpy(socket_addr.sun_path, sock_proc_entry, 
sizeof(socket_addr.sun_path) - 1);
+       ninfof("addr{sun_family=AF_UNIX, sun_path=%s}", socket_addr.sun_path);
 
-       _cleanup_free_ char *sock_fullpath = g_build_filename(base_path, 
socket_relative_name, NULL);
-       _cleanup_free_ char *sock_relpath = g_build_filename(opt_cuuid, 
socket_relative_name, NULL);
-       ninfof("socket path: %s", sock_fullpath);
 
-       strncpy(socket_addr.sun_path, sock_relpath, 
sizeof(socket_addr.sun_path) - 1);
-       ninfof("addr{sun_family=AF_UNIX, sun_path=%s}", socket_addr.sun_path);
+       /*
+        * We use the fullpath for operations that aren't as limited in length 
as socket_addr.sun_path
+        * Cleanup of this variable is up to the caller
+        */
+       char *sock_fullpath = g_build_filename(parent_dir, 
socket_relative_name, NULL);
 
        /*
         * We make the socket non-blocking to avoid a race where client aborts 
connection
         * before the server gets a chance to call accept. In that scenario, 
the server
         * accept blocks till a new client connection comes in.
         */
-       if ((cwd = getcwd(NULL, 0)) == NULL)
-               pexitf("Failed to get CWD for socket %s", sock_fullpath);
-
        socket_fd = socket(AF_UNIX, sock_type, 0);
        if (socket_fd == -1)
                pexitf("Failed to create socket %s", sock_fullpath);
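Review bot: `open(parent_dir, O_PATH)` is the only open() call in this diff without `O_CLOEXEC`, and nothing checks that parent_dir is a directory before its descriptor becomes the base of the `/proc/self/fd/%d/%s` bind path. `open(parent_dir, O_PATH | O_DIRECTORY | O_CLOEXEC)` would match the other call sites and fail early on a non-directory. The `strncpy()` into sun_path also truncates silently; with the two socket names passed in this file the string stays short, but a length check before the copy would turn a wrong bind path into an explicit error. bind_unix_socket() continues past this hunk.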
@@ -188,9 +187,6 @@
        if (fchmod(socket_fd, perms))
                pexitf("Failed to change socket permissions %s", sock_fullpath);
 
-       if (chdir(opt_socket_path) == -1)
-               pexitf("Could not chdir to %s", opt_socket_path);
-
        if (unlink(sock_fullpath) == -1 && errno != ENOENT)
                pexitf("Failed to remove existing socket: %s", sock_fullpath);
 
@@ -200,11 +196,48 @@
        if (chmod(sock_fullpath, perms))
                pexitf("Failed to change socket permissions %s", sock_fullpath);
 
-       if (chdir(cwd) == -1)
-               pexitf("Could not chdir to %s", cwd);
-
        remote_sock->fd = socket_fd;
 
+       return sock_fullpath;
+}
+
+/*
+ * socket_parent_dir decides whether to truncate the socket path, to match
+ * the caller's expectation.
+ * use_full_attach_path is whether conmon was told to not truncate the path.
+ * base_path is the path of the socket
+ * desired_len is the length of socket_addr.sun_path (should be 
strlen(char[108]) on linux).
+ */
+char *socket_parent_dir(gboolean use_full_attach_path, size_t desired_len)
+{
+       /* if we're to use the full path, ignore the socket path and only use 
the bundle_path */
+       if (use_full_attach_path)
+               return opt_bundle_path;
+
+       char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL);
+
+       /*
+        * This is to address a corner case where the symlink path length can 
end up being
+        * the same as the socket.  When it happens, the symlink prevents the 
socket from being
+        * be created.  This could still be a problem with other containers, 
but it is safe
+        * to assume the CUUIDs don't change length in the same directory.  As 
a workaround,
+        *  in such case, make the symlink one char shorter.
+        *
+        * If we're using using_full_attach_path, this is unnecessary.
+        */
+       if (strlen(base_path) == (desired_len - 1))
+               base_path[desired_len - 2] = '\0';
+
+       /*
+        * Create a symlink so we don't exceed unix domain socket
+        * path length limit.  We use the base path passed in from our parent.
+        */
+       if (unlink(base_path) == -1 && errno != ENOENT)
+               pexitf("Failed to remove existing symlink for socket directory 
%s", base_path);
+
+       if (symlink(opt_bundle_path, base_path) == -1)
+               pexit("Failed to create symlink for notify socket");
+
        return base_path;
 }
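Review bot: socket_parent_dir() returns a borrowed pointer (`opt_bundle_path`) on the full-attach path and a g_build_filename() allocation otherwise, so bind_unix_socket() cannot free parent_dir safely and, in the lines shown, never does. Returning `g_strdup(opt_bundle_path)` and declaring the caller's variable as `_cleanup_free_ char *parent_dir` would give a single ownership rule. The header comment also documents a `base_path` argument that the function does not take, and the definition omits the `static` used in its prototype; writing `static char *socket_parent_dir(...)` at the definition would keep the two in step.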
 
@@ -425,6 +458,20 @@
                sock->readable = src->readable;
                sock->writable = src->writable;
                sock->dest = src->dest;
+               g_unix_set_fd_nonblocking(*sock->dest->fd, TRUE, NULL);
                sock->sock_type = src->sock_type;
        }
 }
+
+static void close_sock(gpointer data, G_GNUC_UNUSED gpointer user_data)
+{
+       struct remote_sock_s *sock = (struct remote_sock_s *)data;
+
+       close(sock->fd);
+       sock->fd = -1;
+}
+
+void close_all_readers()
+{
+       g_ptr_array_foreach(local_mainfd_stdin.readers, close_sock, NULL);
+}
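Review bot: The added `g_unix_set_fd_nonblocking(*sock->dest->fd, TRUE, NULL);` discards both the return value and the GError, so a failure to switch the destination descriptor to non-blocking mode goes unnoticed and later writes could still block the main loop. Checking the gboolean result and logging on failure would make that visible. close_sock() also calls `close(sock->fd)` without testing for a negative descriptor; wrapping it in `if (sock->fd >= 0)` would avoid a spurious EBADF in case a reader's fd was already reset to -1. The function containing the first change starts outside the hunk.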
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/conn_sock.h 
new/conmon-2.0.26/src/conn_sock.h
--- old/conmon-2.0.22/src/conn_sock.h   2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/conn_sock.h   2021-02-03 19:32:15.000000000 +0100
@@ -52,5 +52,6 @@
 void setup_notify_socket(char *);
 void schedule_main_stdin_write();
 void write_back_to_remote_consoles(char *buf, int len);
+void close_all_readers();
 
 #endif // CONN_SOCK_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/globals.c 
new/conmon-2.0.26/src/globals.c
--- old/conmon-2.0.22/src/globals.c     2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/globals.c     2021-02-03 19:32:15.000000000 +0100
@@ -13,6 +13,9 @@
 int inotify_fd = -1;
 int winsz_fd_w = -1;
 int winsz_fd_r = -1;
+int attach_pipe_fd = -1;
+int dev_null_r = -1;
+int dev_null_w = -1;
 
 gboolean timed_out = FALSE;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/conmon-2.0.22/src/globals.h 
new/conmon-2.0.26/src/globals.h
--- old/conmon-2.0.22/src/globals.h     2020-12-17 16:56:08.000000000 +0100
+++ new/conmon-2.0.26/src/globals.h     2021-02-03 19:32:15.000000000 +0100
@@ -18,6 +18,9 @@
 extern int inotify_fd;
 extern int winsz_fd_w;
 extern int winsz_fd_r;
+extern int attach_pipe_fd;
+extern int dev_null_r;
+extern int dev_null_w;
 
 extern gboolean timed_out;
 
