From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id B86C11FF16B
	for <inbox@lore.proxmox.com>; Thu, 14 Nov 2024 16:09:47 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 20657344CB;
	Thu, 14 Nov 2024 16:08:32 +0100 (CET)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 14 Nov 2024 16:07:33 +0100
Message-Id: <20241114150754.374376-7-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241114150754.374376-1-f.ebner@proxmox.com>
References: <20241114150754.374376-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Subject: [pve-devel] [PATCH common v4 06/27] tools: run fork: allow running
 code in parent after fork
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Add an option parameter to the run_fork() and run_fork_with_timeout()
functions, where an 'afterfork' subroutine that is run in the parent
process after the fork can be specified. It is made subject to the
timeout too, because the fork already started running at that point
and an error in the 'afterfork' subroutine will take priority over an
error in the child.

In preparation to add a helper to run a Perl subroutine in a user
namespace, which, in turn, will be used for running the container
backup subroutine for external providers inside a user namespace. That
allows them to see the filesystem to back up from the container's
perspective and also improves security because of isolation.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

New in v4.

 src/PVE/Tools.pm | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index d31120f..be34358 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1026,7 +1026,7 @@ sub must_stringify {
 # sigkill after $timeout  a $sub running in a fork if it can't write a pipe
 # the $sub has to return a single scalar
 sub run_fork_with_timeout {
-    my ($timeout, $sub) = @_;
+    my ($timeout, $sub, $opts) = @_;
 
     my $res;
     my $error;
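Review bot: the comment block above run_fork_with_timeout() still describes only $timeout and $sub, so the new third parameter $opts is undocumented at the signature. Please extend the comment to say that $opts->{afterfork} is called in the parent after the fork, is subject to the same $timeout, and that an error it raises takes priority over an error from the child, as the commit message states.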
@@ -1075,17 +1075,28 @@ sub run_fork_with_timeout {
 	$error = $child_res->{error};
     };
 
+    my $handle_forked = sub {
+	if (my $afterfork = $opts->{afterfork}) {
+	    eval { $afterfork->($child); };
+	    if (my $err = $@) {
+		$error = $err; # propagate error
+		die $err;
+	    }
+	}
+	$readvalues->();
+    };
+
     my $got_timeout = 0;
     my $wantarray = wantarray; # so it can be queried inside eval
     eval {
 	if (defined($timeout)) {
 	    if ($wantarray) {
-		(undef, $got_timeout) = run_with_timeout($timeout, $readvalues);
+		(undef, $got_timeout) = run_with_timeout($timeout, $handle_forked);
 	    } else {
-		run_with_timeout($timeout, $readvalues);
+		run_with_timeout($timeout, $handle_forked);
 	    }
 	} else {
-	    $readvalues->();
+	    $handle_forked->();
 	}
     };
     warn $@ if $@;
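Review bot: in $handle_forked, when $afterfork dies the closure re-throws before `$readvalues->();` runs, so the child's result is never read on that path, and nothing in these lines stops the child that is already running. Please confirm that the code after the eval terminates and reaps the child in this case, as the function comment promises for a timeout, or handle it explicitly here. Separately, the error is both stored in $error and re-thrown with `die $err;`, so it also reaches `warn $@ if $@;`; if $error is raised later in the function, the same message is reported twice.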
@@ -1102,8 +1113,8 @@ sub run_fork_with_timeout {
 }
 
 sub run_fork {
-    my ($code) = @_;
-    return run_fork_with_timeout(undef, $code);
+    my ($code, $opts) = @_;
+    return run_fork_with_timeout(undef, $code, $opts);
 }
 
 # NOTE: NFS syscall can't be interrupted, so alarm does
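Review bot: run_fork() now accepts and forwards $opts, but the diffstat shows only src/PVE/Tools.pm changing, so the new afterfork path has no test coverage in this patch. A small test that passes an afterfork which dies, once through run_fork() and once through run_fork_with_timeout() with a timeout set, would pin down the error-priority behaviour described in the commit message. A one-line comment above run_fork() naming the accepted $opts keys would also help callers.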
-- 
2.39.5


