fix: add CLOEXEC flag to socket created directly #550
Conversation
smira
changed the title
| return fd, nil | ||
| } | ||
|
|
||
| if err == unix.EINVAL || err == unix.EPROTONOSUPPORT { |
There was a problem hiding this comment.
EINVAL seems awfully wide an error to catch for this I think, especially with having to take the forklock in the fallback case.
Can this be further narrowed per-platform with build tags? Afaict linux and all the go-supported bsds support SOCK_CLOEXEC, so the only actually relevant platform would be darwin, non-illumos solaris (before 11.4 according to net source ), maybe AIX?
It looks like GOOS=darwin doesn't even define unix.SOCK_CLOEXEC so this workaround won't even compile there (would it be necessary? I'm not sure)
I'd be inclined to not support it at all, I don't think any of these platforms are tested at all anyway
There was a problem hiding this comment.
Darwin should support CLOEXEC I believe starting with some version, but I haven't tested it.
There's a similar workaround in Go runtime, and this code is loosely based on https://github.com/mdlayher/socket/blob/9c51a391be6c6bc5b7ce52f328497931c5e97733/conn.go#L254-L303
But I'm happy to drop it and simply do | unix.O_CLOEXEC
There was a problem hiding this comment.
yes, SOCK_CLOEXEC is missing on Darwin, but other constants are also missing, so not sure how much relevant that is:
# github.com/insomniacslk/dhcp/dhcpv4/nclient4
dhcpv4/nclient4/conn_unix.go:42:59: undefined: unix.ETH_P_IP
There was a problem hiding this comment.
@Natolumin do you want me to simplify and just add CLOEXEC directly?
There was a problem hiding this comment.
@smira I'm running into this not working on darwin whilst working on siderolabs/talos#10537. FD_CLOEXEC / O_NOINHERIT should be available on nearly all systems so you could refactor this to use them or add CLOEXEC directly
There was a problem hiding this comment.
sounds good, let me try to update this
There was a problem hiding this comment.
reworked it a bit, now should be closer to what Go stdlib does
There was a problem hiding this comment.
Thanks! I've tested this on my branch on mac and it works lovely!
Go runtime adds `CLOEXEC` flags automatically, but when using raw syscalls, we have to do it manually. Without this flag, file descriptors leak to the child processes. Signed-off-by: Andrey Smirnov <[email protected]>
This is the first step in splitting up the darwin qemu provider feature into smaller, easier to review bits. Make the minimal changes required to have the qemu provider build on darwin. The following changes will come in the "first crash" order. Currently the next step that needs fixing is the preflight checks. After that come the various networking bits. * use a newer commit of the dhcpd fork that has the darwin compatible logic (see insomniacslk/dhcp#550) * make sure that the (broken) darwin qemu logic only runs when `DARWIN_QEMU` env var is set * avoid using the linux specific cni.ns package (this can be changed later, just has to be done for now so the thing compiles) * use a cross-platform fallocate package Signed-off-by: Orzelius <[email protected]>
Make the minimal changes required to have the qemu provider build on darwin. This is the first step in splitting up the darwin qemu provider feature into smaller, easier to review bits. The following changes will come in the "first crash" order. Currently the next step that needs fixing is the preflight checks. After that come the various networking bits. * use a newer commit of the dhcpd fork that has the darwin compatible logic (see insomniacslk/dhcp#550) * make sure that the (currently broken) darwin qemu logic only runs when `DARWIN_QEMU` env var is set * avoid using the linux specific cni.ns package (this can be changed back later, just has to be done for now so the thing compiles) * use a cross-platform fallocate package https://github.com/detailyang/go-fallocate Signed-off-by: Orzelius <[email protected]>
Make the minimal changes required to have the qemu provider build on darwin. This is the first step in splitting up the darwin qemu provider feature into smaller, easier to review bits. The following changes will come in the "first crash" order. Currently the next step that needs fixing is the preflight checks. After that come the various networking bits. * use a newer commit of the dhcpd fork that has the darwin compatible logic (see insomniacslk/dhcp#550) * make sure that the (currently broken) darwin qemu logic only runs when `DARWIN_QEMU` env var is set * avoid using the linux specific cni.ns package (this can be changed back later, just has to be done for now so the thing compiles) * use a cross-platform fallocate package https://github.com/detailyang/go-fallocate Signed-off-by: Orzelius <[email protected]>
Make the minimal changes required to have the qemu provider build on darwin. This is the first step in splitting up the darwin qemu provider feature into smaller, easier to review bits. The following changes will come in the "first crash" order. Currently the next step that needs fixing is the preflight checks. After that come the various networking bits. * use a newer commit of the dhcpd fork that has the darwin compatible logic (see insomniacslk/dhcp#550) * make sure that the (currently broken) darwin qemu logic only runs when `DARWIN_QEMU` env var is set * avoid using the linux specific cni.ns package (this can be changed back later, just has to be done for now so the thing compiles) * use a cross-platform fallocate package https://github.com/detailyang/go-fallocate Signed-off-by: Orzelius <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]>
Go runtime adds
CLOEXECflags automatically, but when using raw syscalls, we have to do it manually.Without this flag, file descriptors leak to the child processes.