Re: [capsicum] wait() and pdfork()



On Wed, Mar 5, 2014 at 3:11 PM, Robert N. M. Watson <robert.watson at cl.cam.ac.uk> wrote:

On 5 Mar 2014, at 14:05, Ben Laurie <benl at google.com> wrote:

> David informs me that wait() does not behave as I expected with
> pdfork()ed children - I thought it should not reap them - so that
> pdfork()ed children can be invisible to s/w that includes a library
> that uses pdfork().
>
> Did I not understand something?

The intent was always that processes with process descriptors would not be exposed to wait(2). That expectation doesn't preclude bugs in the implementation. In the past, the implementation has worked well -- but it sounds like there's a lack of a regression test. Snagging your tests and putting them in the FreeBSD Project's budding Jenkins setup would be excellent. :-)

Robert

I'll add a test case for this.  On a specific detail -- what do we expect to happen for waitpid(pdforked_child_pid,...) ?  This works at the moment, but I could be persuaded either way as to whether it should or not.

More generally, are there any examples of pdfork() usage in practice?  I had a quick look for sandboxed things using it and didn't immediately find any...



This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.