mirror of
https://github.com/mjl-/mox.git
synced 2024-12-27 08:53:48 +03:00
5b20cba50a
we don't want external software to include internal details like mlog. slog.Logger is/will be the standard. we still have mlog for its helper functions, and its handler that logs in concise logfmt used by mox. packages that are not meant for reuse still pass around mlog.Log for convenience. we use golang.org/x/exp/slog because we also support the previous Go toolchain version. with the next Go release, we'll switch to the builtin slog.
74 lines
1.7 KiB
Go
74 lines
1.7 KiB
Go
//go:build unix
|
|
|
|
package mox
|
|
|
|
import (
|
|
"os"
|
|
"os/signal"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"golang.org/x/exp/slog"
|
|
)
|
|
|
|
// Fork and exec as unprivileged user.
|
|
//
|
|
// We don't use just setuid because it is hard to guarantee that no other
|
|
// privileged go worker processes have been started before we get here. E.g. init
|
|
// functions in packages can start goroutines.
|
|
func ForkExecUnprivileged() {
|
|
prog, err := os.Executable()
|
|
if err != nil {
|
|
pkglog.Fatalx("finding executable for exec", err)
|
|
}
|
|
|
|
files := []*os.File{os.Stdin, os.Stdout, os.Stderr}
|
|
var addrs []string
|
|
for addr, f := range passedListeners {
|
|
files = append(files, f)
|
|
addrs = append(addrs, addr)
|
|
}
|
|
var paths []string
|
|
for path, fl := range passedFiles {
|
|
for _, f := range fl {
|
|
files = append(files, f)
|
|
paths = append(paths, path)
|
|
}
|
|
}
|
|
env := os.Environ()
|
|
env = append(env, "MOX_SOCKETS="+strings.Join(addrs, ","), "MOX_FILES="+strings.Join(paths, ","))
|
|
|
|
p, err := os.StartProcess(prog, os.Args, &os.ProcAttr{
|
|
Env: env,
|
|
Files: files,
|
|
Sys: &syscall.SysProcAttr{
|
|
Credential: &syscall.Credential{
|
|
Uid: Conf.Static.UID,
|
|
Gid: Conf.Static.GID,
|
|
},
|
|
},
|
|
})
|
|
if err != nil {
|
|
pkglog.Fatalx("fork and exec", err)
|
|
}
|
|
CleanupPassedFiles()
|
|
|
|
// If we get a interrupt/terminate signal, pass it on to the child. For interrupt,
|
|
// the child probably already got it.
|
|
// todo: see if we tie up child and root process so a kill -9 of the root process
|
|
// kills the child process too.
|
|
sigc := make(chan os.Signal, 1)
|
|
signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
|
|
go func() {
|
|
sig := <-sigc
|
|
p.Signal(sig)
|
|
}()
|
|
|
|
st, err := p.Wait()
|
|
if err != nil {
|
|
pkglog.Fatalx("wait", err)
|
|
}
|
|
code := st.ExitCode()
|
|
pkglog.Print("stopping after child exit", slog.Int("exitcode", code))
|
|
os.Exit(code)
|
|
}
|