// Copyright 2019 Google LLC. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Implementation of the sandbox2::ForkServer class. #include "sandboxed_api/sandbox2/global_forkclient.h" #include #include #include #include #include #include "absl/base/attributes.h" #include "absl/strings/str_cat.h" #include "sandboxed_api/sandbox2/comms.h" #include "sandboxed_api/sandbox2/forkserver.h" #include "sandboxed_api/sandbox2/sanitizer.h" #include "sandboxed_api/sandbox2/util/strerror.h" #include "sandboxed_api/util/raw_logging.h" namespace sandbox2 { // Global ForkClient object linking with the global ForkServer. static ForkClient* global_fork_client = nullptr; static pid_t global_fork_server_pid = -1; ForkClient* GetGlobalForkClient() { SAPI_RAW_CHECK(global_fork_client != nullptr, "global fork client not initialized"); return global_fork_client; } pid_t GetGlobalForkServerPid() { return global_fork_server_pid; } static void StartGlobalForkServer() { SAPI_RAW_CHECK(global_fork_client == nullptr, "global fork server already initialized"); if (getenv(kForkServerDisableEnv)) { SAPI_RAW_VLOG(1, "Start of the Global Fork-Server prevented by the '%s' " "environment variable present", kForkServerDisableEnv); return; } sanitizer::WaitForTsan(); // We should be really single-threaded now, as it's the point of the whole // exercise. int num_threads = sanitizer::GetNumberOfThreads(getpid()); if (num_threads != 1) { SAPI_RAW_LOG(ERROR, "BADNESS MAY HAPPEN. ForkServer::Init() created in a " "multi-threaded context, %d threads present", num_threads); } int sv[2]; SAPI_RAW_CHECK(socketpair(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, sv) != -1, "creating socket pair"); // Fork the fork-server, and clean-up the resources (close remote sockets). pid_t pid = fork(); SAPI_RAW_PCHECK(pid != -1, "during fork"); // Parent. if (pid > 0) { close(sv[0]); global_fork_client = new ForkClient{new Comms{sv[1]}}; global_fork_server_pid = pid; return; } // Make sure the logs go stderr. google::LogToStderr(); // Child. close(sv[1]); // Make the process' name easily recognizable with ps/pstree. if (prctl(PR_SET_NAME, "S2-FORK-SERV", 0, 0, 0) != 0) { SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-FORK-SERV')"); } // Don't react (with stack-tracing) to SIGTERM's sent from other processes // (e.g. from the borglet or SubProcess). This ForkServer should go down if // the parent goes down (or if the GlobalForkServerComms is closed), which is // assured by prctl(PR_SET_PDEATHSIG, SIGKILL) being called in the // ForkServer::Initialize(). We don't want to change behavior of non-global // ForkServers, hence it's called here and not in the // ForkServer::Initialize(). struct sigaction sa; sa.sa_handler = SIG_IGN; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); if (sigaction(SIGTERM, &sa, nullptr) == -1) { SAPI_RAW_PLOG(WARNING, "sigaction(SIGTERM, sa_handler=SIG_IGN)"); } Comms comms(sv[0]); ForkServer fork_server(&comms); while (true) { pid_t child_pid = fork_server.ServeRequest(); if (!child_pid) { // FORKSERVER_FORK sent to the global forkserver. This case does not make // sense, we thus kill the process here. exit(0); } } } } // namespace sandbox2 // Run the ForkServer from the constructor, when no other threads are present. // Because it's possible to start thread-inducing initializers before // RunInitializers() (base/googleinit.h) it's not enough to just register // a 0000_ initializer instead. ABSL_ATTRIBUTE_UNUSED __attribute__((constructor)) static void StartSandbox2Forkserver() { sandbox2::StartGlobalForkServer(); }