libgo: update to go1.7rc3

Reviewed-on: https://go-review.googlesource.com/25150 From-SVN: r238662
author: Ian Lance Taylor <ian@gcc.gnu.org> 2016-07-22 18:15:38 +0000
committer: Ian Lance Taylor <ian@gcc.gnu.org> 2016-07-22 18:15:38 +0000
commit: 22b955cca564a9a3a5b8c9d9dd1e295b7943c128 (patch)
tree: abdbd898676e1f853fca2d7e031d105d7ebcf676 /libgo/go/syscall/exec_linux.go
parent: 9d04a3af4c6491536badf6bde9707c907e4d196b (diff)
download: gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.zip
gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.tar.gz
gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.tar.bz2
1 files changed, 34 insertions, 19 deletions
diff --git a/libgo/go/syscall/exec_linux.go b/libgo/go/syscall/exec_linux.go
index 6987bc1..581a988 100644
--- a/libgo/go/syscall/exec_linux.go
+++ b/libgo/go/syscall/exec_linux.go
@@ -23,20 +23,21 @@ type SysProcIDMap struct {
 }
 
 type SysProcAttr struct {
-	Chroot      string         // Chroot.
-	Credential  *Credential    // Credential.
-	Ptrace      bool           // Enable tracing.
-	Setsid      bool           // Create session.
-	Setpgid     bool           // Set process group ID to Pgid, or, if Pgid == 0, to new pid.
-	Setctty     bool           // Set controlling terminal to fd Ctty (only meaningful if Setsid is set)
-	Noctty      bool           // Detach fd 0 from controlling terminal
-	Ctty        int            // Controlling TTY fd
-	Foreground  bool           // Place child's process group in foreground. (Implies Setpgid. Uses Ctty as fd of controlling TTY)
-	Pgid        int            // Child's process group ID if Setpgid.
-	Pdeathsig   Signal         // Signal that the process will get when its parent dies (Linux only)
-	Cloneflags  uintptr        // Flags for clone calls (Linux only)
-	UidMappings []SysProcIDMap // User ID mappings for user namespaces.
-	GidMappings []SysProcIDMap // Group ID mappings for user namespaces.
+	Chroot       string         // Chroot.
+	Credential   *Credential    // Credential.
+	Ptrace       bool           // Enable tracing.
+	Setsid       bool           // Create session.
+	Setpgid      bool           // Set process group ID to Pgid, or, if Pgid == 0, to new pid.
+	Setctty      bool           // Set controlling terminal to fd Ctty (only meaningful if Setsid is set)
+	Noctty       bool           // Detach fd 0 from controlling terminal
+	Ctty         int            // Controlling TTY fd
+	Foreground   bool           // Place child's process group in foreground. (Implies Setpgid. Uses Ctty as fd of controlling TTY)
+	Pgid         int            // Child's process group ID if Setpgid.
+	Pdeathsig    Signal         // Signal that the process will get when its parent dies (Linux only)
+	Cloneflags   uintptr        // Flags for clone calls (Linux only)
+	Unshareflags uintptr        // Flags for unshare calls (Linux only)
+	UidMappings  []SysProcIDMap // User ID mappings for user namespaces.
+	GidMappings  []SysProcIDMap // Group ID mappings for user namespaces.
 	// GidMappingsEnableSetgroups enabling setgroups syscall.
 	// If false, then setgroups syscall will be disabled for the child process.
 	// This parameter is no-op if GidMappings == nil. Otherwise for unprivileged
@@ -52,7 +53,7 @@ func runtime_AfterFork()
 // If a dup or exec fails, write the errno error to pipe.
 // (Pipe is close-on-exec so if exec succeeds, it will be closed.)
 // In the child, this function must not acquire any locks, because
-// they might have been locked at the time of the fork.  This means
+// they might have been locked at the time of the fork. This means
 // no rescheduling, no malloc calls, and no new stack segments.
 // For the same reason compiler does not race instrument it.
 // The calls to RawSyscall are okay because they are assembly
@@ -192,11 +193,25 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr
 		}
 	}
 
+	// Unshare
+	if sys.Unshareflags != 0 {
+		_, _, err1 = RawSyscall(SYS_UNSHARE, sys.Unshareflags, 0, 0)
+		if err1 != 0 {
+			goto childerror
+		}
+	}
+
 	// User and groups
 	if cred := sys.Credential; cred != nil {
 		ngroups := len(cred.Groups)
+		var groups unsafe.Pointer
 		if ngroups > 0 {
-			groups := unsafe.Pointer(&cred.Groups[0])
+			groups = unsafe.Pointer(&cred.Groups[0])
+		}
+		// Don't call setgroups in case of user namespace, gid mappings
+		// and disabled setgroups, because otherwise unprivileged user namespace
+		// will fail with any non-empty SysProcAttr.Credential.
+		if !(sys.GidMappings != nil && !sys.GidMappingsEnableSetgroups && ngroups == 0) {
 			err1 = raw_setgroups(ngroups, groups)
 			if err1 != 0 {
 				goto childerror
@@ -253,6 +268,9 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr
 	}
 	for i = 0; i < len(fd); i++ {
 		if fd[i] >= 0 && fd[i] < int(i) {
+			if nextfd == pipe { // don't stomp on pipe
+				nextfd++
+			}
 			err1 = raw_dup2(fd[i], nextfd)
 			if err1 != 0 {
 				goto childerror
@@ -260,9 +278,6 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr
 			raw_fcntl(nextfd, F_SETFD, FD_CLOEXEC)
 			fd[i] = nextfd
 			nextfd++
-			if nextfd == pipe { // don't stomp on pipe
-				nextfd++
-			}
 		}
 	}
author	Ian Lance Taylor <ian@gcc.gnu.org>	2016-07-22 18:15:38 +0000
committer	Ian Lance Taylor <ian@gcc.gnu.org>	2016-07-22 18:15:38 +0000
commit	22b955cca564a9a3a5b8c9d9dd1e295b7943c128 (patch)
tree	abdbd898676e1f853fca2d7e031d105d7ebcf676 /libgo/go/syscall/exec_linux.go
parent	9d04a3af4c6491536badf6bde9707c907e4d196b (diff)
download	gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.zip gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.tar.gz gcc-22b955cca564a9a3a5b8c9d9dd1e295b7943c128.tar.bz2