From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id B86C11FF16B for ; Thu, 14 Nov 2024 16:09:47 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 20657344CB; Thu, 14 Nov 2024 16:08:32 +0100 (CET) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Thu, 14 Nov 2024 16:07:33 +0100 Message-Id: <20241114150754.374376-7-f.ebner@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241114150754.374376-1-f.ebner@proxmox.com> References: <20241114150754.374376-1-f.ebner@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.055 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [tools.pm] Subject: [pve-devel] [PATCH common v4 06/27] tools: run fork: allow running code in parent after fork X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Add an option parameter to the run_fork() run_fork_with_timeout() functions, where an 'afterfork' subroutine that is run in the parent process after the fork can be specified. It is made subject to the timeout too, because the fork already started running at that point and an error in the 'afterfork' subroutine will take priority over an error in the child. In preparation to add a helper to run a Perl subroutine in a user namespace, which, in turn, will be used for running the container backup subroutine for external providers inside a user namespace. That allows them to see the filesystem to back-up from the containers perspective and also improves security because of isolation. Signed-off-by: Fiona Ebner --- New in v4. src/PVE/Tools.pm | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm index d31120f..be34358 100644 --- a/src/PVE/Tools.pm +++ b/src/PVE/Tools.pm @@ -1026,7 +1026,7 @@ sub must_stringify { # sigkill after $timeout a $sub running in a fork if it can't write a pipe # the $sub has to return a single scalar sub run_fork_with_timeout { - my ($timeout, $sub) = @_; + my ($timeout, $sub, $opts) = @_; my $res; my $error; @@ -1075,17 +1075,28 @@ sub run_fork_with_timeout { $error = $child_res->{error}; }; + my $handle_forked = sub { + if (my $afterfork = $opts->{afterfork}) { + eval { $afterfork->($child); }; + if (my $err = $@) { + $error = $err; # propagate error + die $err; + } + } + $readvalues->(); + }; + my $got_timeout = 0; my $wantarray = wantarray; # so it can be queried inside eval eval { if (defined($timeout)) { if ($wantarray) { - (undef, $got_timeout) = run_with_timeout($timeout, $readvalues); + (undef, $got_timeout) = run_with_timeout($timeout, $handle_forked); } else { - run_with_timeout($timeout, $readvalues); + run_with_timeout($timeout, $handle_forked); } } else { - $readvalues->(); + $handle_forked->(); } }; warn $@ if $@; @@ -1102,8 +1113,8 @@ sub run_fork_with_timeout { } sub run_fork { - my ($code) = @_; - return run_fork_with_timeout(undef, $code); + my ($code, $opts) = @_; + return run_fork_with_timeout(undef, $code, $opts); } # NOTE: NFS syscall can't be interrupted, so alarm does -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel