From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:19:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54215@debbugs.gnu.org Cc: Attila Lendvai X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.164615872616746 (code B ref -1); Tue, 01 Mar 2022 18:19:01 +0000 Received: (at submit) by debbugs.gnu.org; 1 Mar 2022 18:18:46 +0000 Received: from localhost ([127.0.0.1]:38160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75C-0004M2-8E for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:46 -0500 Received: from lists.gnu.org ([209.51.188.17]:52504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75A-0004Lu-2D for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:45 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55240) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nP755-0002hP-TJ for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:43 -0500 Received: from [2a00:1450:4864:20::332] (port=41896 helo=mail-wm1-x332.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nP754-0002te-2o for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:39 -0500 Received: by mail-wm1-x332.google.com with SMTP id a13-20020a05600c348d00b0038188b8bbf6so1726507wmq.0 for ; Tue, 01 Mar 2022 10:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=idtmgoRPStIOi0Fuv9pE5rkf+0gnib1GY3SZnpg70JZ2goq4yKe+grnxzLRa4GFAU/ 33Gq51/AF36XbcFNLosTKwJtwsTLKGEyvwQoRkhDHARwEH/K+brjjbJX96RaOxb2qo2T bn+HlIZvNgnqIVrDZ4vTNnv9DfFVqe0hPyAVIE2P/1w/g+C7OT6GU84k0+f9S85PuF/d BAW/M2j0cY89P1O7ajXoBHJH4oDjJK031a+iYUpbeQAKmWkPsKHJDkACjom6qpj+2kZB DiMcdw8IuaWqVXdux65+s3YXbCfpAemnqf/PacICDFv6YRdlHCh2Gk2jLhbBXuoNsWey et+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=yi/fLie8ZidcYM6/Yt55WvuBpqpILxWJ3e8N4o30mWrDoRLisAbsfZ87bRyP4TR/qn p24ypqt7szdjqqp3RsRNaYydk/Up1sBOOu4qGmKCxrwxc+el37lsh4ol2nF2oVR28p5o 9WxdT77oFhsHKuflIKPruWEuK5VILC7nT8EVYMfHjSubP/E9wweTBe5yAiVCCldcy+Go w/Nj+Tr/JVdRxBSvskbuhXKOPtYPn6S3ctxDyut72FWWBgLmxkSqWe5945pg1h0EthZM scLz+C0JBUGuUl1KwHXhrg0I7I8vP1yf0ZOchp47Us0jJWr8XADd7KTgKiLsEJF8MZ6c 8/fw== X-Gm-Message-State: AOAM5304Mhv0utw8fsGHEyjf1k+WSL6aCu7qhpxSrEAvZvLYyuLzLzj4 ZA61KAL9ju7LQZ90B9+Nw7ODW812zhs= X-Google-Smtp-Source: ABdhPJxfDaOUtGkF/owpGXmPaEjA6d005D9ZPfOwy0naavvp/Ik3TtUCcQEtnT4CCiThocYBTAzDbQ== X-Received: by 2002:a05:600c:1c84:b0:381:64f8:fd23 with SMTP id k4-20020a05600c1c8400b0038164f8fd23mr9188622wms.188.1646158716429; Tue, 01 Mar 2022 10:18:36 -0800 (PST) Received: from localhost.localdomain ([2a02:ab88:3710:7c80:9130:5abf:96b3:dc0c]) by smtp.gmail.com with ESMTPSA id n5-20020adffe05000000b001edf8fc0cc3sm14271808wrr.41.2022.03.01.10.18.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Mar 2022 10:18:35 -0800 (PST) From: Attila Lendvai Date: Tue, 1 Mar 2022 19:12:43 +0100 Message-Id: <20220301181242.18384-1-attila@lendvai.name> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::332 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::332; envelope-from=attila.lendvai@gmail.com; helo=mail-wm1-x332.google.com X-Spam_score_int: 0 X-Spam_score: -0.1 X-Spam_bar: / X-Spam_report: (-0.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, PDS_HP_HELO_NORDNS=0.659, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.8 (-) * modules/shepherd/service.scm (exec-command, fork+exec-command, make-forkexec-constructor): Add #:rlimits and honor it. Reorder keyword args where needed to be uniform. --- this patch supersedes my previous CALL-IN-FORK proposal: https://issues.guix.gnu.org/54205 i will either close that, or maybe do the internal refactor. we'll see. modules/shepherd/service.scm | 26 ++++++++++++++++++-------- tests/forking-service.sh | 15 +++++++++++++-- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index ad8608b..c6f0f4e 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -787,7 +787,8 @@ daemon writing FILE is running in a separate PID namespace." (directory (default-service-directory)) (file-creation-mask #f) (create-session? #t) - (environment-variables (default-environment-variables))) + (environment-variables (default-environment-variables)) + (rlimits '())) "Run COMMAND as the current process from DIRECTORY, with FILE-CREATION-MASK if it's true, and with ENVIRONMENT-VARIABLES (a list of strings like \"PATH=/bin\"). File descriptors 1 and 2 are kept as is or redirected to @@ -795,6 +796,9 @@ LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to /dev/null; all other file descriptors are closed prior to yielding control to COMMAND. When CREATE-SESSION? is true, call 'setsid' first. +Guile's SETRLIMIT function will be applied on the entries in RLIMITS. For +example a valid value would be '((nproc 10 100) (nofile 4096 4096)). + By default, COMMAND is run as the current user. If the USER keyword argument is present and not false, change to USER immediately before invoking COMMAND. USER may be a string, indicating a user name, or a @@ -808,6 +812,8 @@ false." ;; Programs such as 'mingetty' expect this. (setsid)) + (for-each (cut apply setrlimit <>) rlimits) + (chdir directory) (environ environment-variables) @@ -893,7 +899,8 @@ false." (file-creation-mask #f) (create-session? #t) (environment-variables - (default-environment-variables))) + (default-environment-variables)) + (rlimits '())) "Spawn a process that executed COMMAND as per 'exec-command', and return its PID." ;; Install the SIGCHLD handler if this is the first fork+exec-command call. @@ -924,7 +931,8 @@ its PID." #:directory directory #:file-creation-mask file-creation-mask #:create-session? create-session? - #:environment-variables environment-variables)) + #:environment-variables environment-variables + #:rlimits rlimits)) pid)))) (define* (make-forkexec-constructor command @@ -932,15 +940,16 @@ its PID." (user #f) (group #f) (supplementary-groups '()) + (log-file #f) (directory (default-service-directory)) - (environment-variables - (default-environment-variables)) (file-creation-mask #f) (create-session? #t) + (environment-variables + (default-environment-variables)) + (rlimits '()) (pid-file #f) (pid-file-timeout - (default-pid-file-timeout)) - (log-file #f)) + (default-pid-file-timeout))) "Return a procedure that forks a child process, closes all file descriptors except the standard output and standard error descriptors, sets the current directory to @var{directory}, sets the umask to @@ -978,7 +987,8 @@ start." #:file-creation-mask file-creation-mask #:create-session? create-session? #:environment-variables - environment-variables))) + environment-variables + #:rlimits rlimits))) (if pid-file (match (read-pid-file pid-file #:max-delay pid-file-timeout diff --git a/tests/forking-service.sh b/tests/forking-service.sh index bd9aac9..a745bf4 100644 --- a/tests/forking-service.sh +++ b/tests/forking-service.sh @@ -25,6 +25,7 @@ conf="t-conf-$$" log="t-log-$$" pid="t-pid-$$" service_pid="t-service-pid-$$" +service_nofiles="t-service-nofiles-$$" service2_pid="t-service2-pid-$$" service2_started="t-service2-starts-$$" @@ -49,14 +50,15 @@ cat > "$conf"< $PWD/$service_pid")) + '("$SHELL" "-c" "ulimit -n >$PWD/$service_nofiles; sleep 600 & echo \$! > $PWD/$service_pid")) (register-services (make ;; A service that forks into a different process. #:provides '(test) #:start (make-forkexec-constructor %command - #:pid-file "$PWD/$service_pid") + #:pid-file "$PWD/$service_pid" + #:rlimits '((nofile 1567 1567))) #:stop (make-kill-destructor) #:respawn? #f)) @@ -125,6 +127,15 @@ $herd status test2 | grep started test "`cat $PWD/$service2_started`" = "started started" + + +# test if nofiles was set properly +test -f "$service_nofiles" +nofiles_value="`cat $service_nofiles`" +test 1567 -eq $nofiles_value + + + # Try to trigger eventual race conditions, when killing a process between fork # and execv calls. for i in `seq 1 50` -- 2.34.0 From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:27:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Attila Lendvai , 54215@debbugs.gnu.org Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164615917617547 (code B ref 54215); Tue, 01 Mar 2022 18:27:01 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 18:26:16 +0000 Received: from localhost ([127.0.0.1]:38167 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7CS-0004Yx-8v for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:26:16 -0500 Received: from andre.telenet-ops.be ([195.130.132.53]:38320) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7CP-0004Ym-3P for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 13:26:14 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by andre.telenet-ops.be with bizsmtp id 16SB270074UW6Th016SBai; Tue, 01 Mar 2022 19:26:11 +0100 Message-ID: <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> From: Maxime Devos Date: Tue, 01 Mar 2022 19:26:05 +0100 In-Reply-To: <20220301181242.18384-1-attila@lendvai.name> References: <20220301181242.18384-1-attila@lendvai.name> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-r/nQ+Vk6tF1CcmYFoK0e" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1646159171; bh=jINFVdGQkzi90Jzj1HBR6sJwxC0IubsmFvRzFktSUGs=; h=Subject:From:To:Date:In-Reply-To:References; b=X7MnYqBgfIgsjKAJ0DCsCmeS3+tDmk7Hi3kHNKoHG84Fvf5KbfB8Nh8i6B02SBhKu M3emEvZFrW7RjUJidDcRKGXxzpTgve53Cp6sd026jdUklAORv1SbeWAoPcM+gZulXE hLzOByrEQ9g9+F85rxDwQ1gXZqRT+GfQApp5+l+MYmI8EujK3igVccmiA5SAoXmRAJ 9TD+WMPcfOhfN+m6+EVcXLOpNsn/ciP9qirSeBTIoVUEifVb5YzHy6bH8pXETMaj59 O23x5J+8Rzl1KFTip6YU+/J9M2zwaVfjJOKNRHFVOicQ8tXOpWE8UT2FcZdo+DvFz3 Tyl8uYJxJYvEA== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-r/nQ+Vk6tF1CcmYFoK0e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: base64 QXR0aWxhIExlbmR2YWkgc2NocmVlZiBvcCBkaSAwMS0wMy0yMDIyIG9tIDE5OjEyIFsrMDEwMF06 Cj4gwqAoZGVmaW5lKiAobWFrZS1mb3JrZXhlYy1jb25zdHJ1Y3RvciBjb21tYW5kCj4gWy4uLl0K PiArwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoMKgICM6cmxpbWl0cyBybGltaXRzKSkpCgpJIHRoaW5rIGl0IHdvdWxkIGJlIGJl dHRlciB0byB2ZXJpZnkgaWYgcmxpbWl0cyBpcyB3ZWxsLWZvcm1lZApiZWZvcmUgZm9ya2luZywg dG8gbGV0IGV4Y2VwdGlvbiByZXBvcnRpbmcgd29yayBiZXR0ZXIuICBXWURUPwoKR3JlZXRpbmdz LApNYXhpbWUuCg== --=-r/nQ+Vk6tF1CcmYFoK0e Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYh5lPRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7lsgAQCRYf15n4X8MlvrQoVOlQxUlIwb tRe0peTxCvsHPncy1wD/Sb8/PM1anV98sXgV+iuIRSy0cjZOTda/RRaMxOv30wY= =n/l0 -----END PGP SIGNATURE----- --=-r/nQ+Vk6tF1CcmYFoK0e-- From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Attila Lendvai , 54215@debbugs.gnu.org Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164615957718352 (code B ref 54215); Tue, 01 Mar 2022 18:33:02 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 18:32:57 +0000 Received: from localhost ([127.0.0.1]:38193 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Iu-0004lv-OZ for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:32:56 -0500 Received: from xavier.telenet-ops.be ([195.130.132.52]:52854) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Is-0004ln-Mn for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 13:32:55 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by xavier.telenet-ops.be with bizsmtp id 16Ys2700F4UW6Th016YteR; Tue, 01 Mar 2022 19:32:53 +0100 Message-ID: From: Maxime Devos Date: Tue, 01 Mar 2022 19:32:52 +0100 In-Reply-To: <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-zGK+QbKsAXa7rN0mT8Z6" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1646159573; bh=Z3pEf9dTngE59UQuIxnd5ubUyOXjAk/FjmVL62aZ3KA=; h=Subject:From:To:Date:In-Reply-To:References; b=WYs8APsHxbwnOBcOktBPPjUQrcoc67RIc+nPoeNCQbn45+qyZqzMBIOO7bfEb+5Ea nBp1SMKufxsSP1Xr/5FuPPCklqCFpXJAS8IYVGHbPjvNgu3uL+zYZBLG1nMcFHOz3g gWA/CTCWvzpenCr6VgsQ9tBzspD5qxaUfYoZS4kOroTw0IO1olCi4jNSZ1t6LUl/0c JTisyV6nd98bnVi0ni2kmmXl0oBOgoRjfEkUAfqXIGekiCNl2MGTXEnWQjwj3yDoJx dFwse38dad4Dt0ABhG5iVXELbDhgAHAbayy1wNoPjghXu9g+iSOKMtYxBzB4UXRyTd HXpf5JeB7BqQg== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-zGK+QbKsAXa7rN0mT8Z6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Maxime Devos schreef op di 01-03-2022 om 19:26 [+0100]: > before forking, to let exception reporting work better.=C2=A0 WYDT? Also, if the (begin (for-each ...) (unblock-signals ...) (exec-command ...)) throws an exception, then it probably it should=C2=A0ignore exception handlers and ignore dynamic-wind, otherwise the listening socket might be deleted (in call-with-server-socket) (*). This can be done by catching all exceptions and calling 'primitive-_exit' in case of an exception. (*) unverified Greetings, Maxime. --=-zGK+QbKsAXa7rN0mT8Z6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYh5m1BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7ukhAP9mOdpmBAn/s6acdI/CXa85Hwza IXSDQUJ5dWjDs70VzwEAwgxK8UJt1yi+WtNp+y6XLjB4o+QR8gTTqGkedkRfIAo= =/7az -----END PGP SIGNATURE----- --=-zGK+QbKsAXa7rN0mT8Z6-- From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxime Devos Cc: 54215@debbugs.gnu.org Reply-To: Attila Lendvai Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164615975818678 (code B ref 54215); Tue, 01 Mar 2022 18:36:01 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 18:35:58 +0000 Received: from localhost ([127.0.0.1]:38203 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Lq-0004rC-6j for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:35:58 -0500 Received: from mail-4018.proton.ch ([185.70.40.18]:20027) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Ln-0004qw-Sa for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 13:35:57 -0500 Date: Tue, 01 Mar 2022 18:35:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail3; t=1646159748; bh=yj/ayUJpf+N5Ur8Q/+ghSNBkYWjz7kPDKy2jgGh+I/Q=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=pDYRxgdN2wK1/dKxxPtIxjAgZaaDDnvoVCN00MVmW9FmLlqqe/DWgsZVVHNsDkBO0 KJi9HiUOS1NEah/WdWZv2AKiQu2Q9joe5zaCt8+GwaZBFQN31mHAQUx0wn8NoXdb7u mhjBQQIzADAlTB3v09sgCYKA+ReKLsYAl3N2DewJyUe8L/zhvSakfjqpuFGq1EA7ZO Rgdh9boEFWS00kKoMNcBuzk7JBHvVX4L+L1+AtVKBL4JNtdwYTHikX7pCd2P8vKuhH B329OFnyyaUYDvSD+4Mu5fAmXQRnjk8u2AcXpS1E94nA2lC0QJVAaTpH6zF3fd6Fy6 10x5tBYA1fW3A== From: Attila Lendvai Message-ID: In-Reply-To: <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > I think it would be better to verify if rlimits is well-formed > before forking, to let exception reporting work better. WYDT? now that i have a reaconable edit-build-test cycle for shepherd, i'm planni= ng to clean up shepherd error reporting and logging, so that when an error occur = then there's a proper backtrace in the shepherd logs. i'd rather work on that instead. does that sound reasonable? but feel free to tailor this as you see fit! -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- =E2=80=9CDon=E2=80=99t be a slave to your own ignorance. Know where your op= inions, especially the strongly held ones, came from and be brave enough to= question them.=E2=80=9D =09=E2=80=94 Dean van Drasek From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 18:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Attila Lendvai Cc: 54215@debbugs.gnu.org Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164615989218927 (code B ref 54215); Tue, 01 Mar 2022 18:39:01 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 18:38:12 +0000 Received: from localhost ([127.0.0.1]:38213 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Nz-0004vC-Qc for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:38:11 -0500 Received: from xavier.telenet-ops.be ([195.130.132.52]:59598) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP7Ny-0004v4-AC for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 13:38:10 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by xavier.telenet-ops.be with bizsmtp id 16e9270014UW6Th016e9Sd; Tue, 01 Mar 2022 19:38:09 +0100 Message-ID: <9dc56d38b66bcdecf7eb6143f873f07c6cf54582.camel@telenet.be> From: Maxime Devos Date: Tue, 01 Mar 2022 19:38:08 +0100 In-Reply-To: References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-eNq0Mhp51m3Dz5vEzVw3" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1646159889; bh=9AmJ5gmo1MM5VYcIubMEetaXICDw226AH2Rkbu5IYRs=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=MT+hic4ZftMCK9QxYS6OZtU/pjIC+knVaOuEJK8aKJRS4+k+IOeBJ8EbWzSKwhxSA 8+VnCOmE0QdgnoJifmMSM5Fmr/dpLTD6/2qlgTKAVu9yYuDi410XGNxZWtCTdwQY8n tlbVL5Ix+Z6hOEUrcmWN5xqunERFtQEonTPD+VwBDfU6Zrrda94IvXAjV+oVmg247m 0zHfKAisu7cvVCM8Qr4OayyyKCuFZZYxp5cFe+UCnBF1wiaPk+qLCVOGV7uZwbutJj sG1aMAlZlOeMVwZlTIMdr/dNmzyXhCHh21J7gRgkmubuf++sK4Rg+koK28qyVmEaNv VJvAX8AfPFSQQ== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-eNq0Mhp51m3Dz5vEzVw3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op di 01-03-2022 om 18:35 [+0000]: > now that i have a reaconable edit-build-test cycle for shepherd, i'm plan= ning to > clean up shepherd error reporting and logging, so that when an error occu= r then > there's a proper backtrace in the shepherd logs. >=20 > i'd rather work on that instead. does that sound reasonable? Sure! Better error reporting and rlimit support are orthogonal concerns. Greetings, Maxime. --=-eNq0Mhp51m3Dz5vEzVw3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYh5oEBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7mbuAQCPAza4OTx0VN3rZxCL0CVPQpQO fAeaEy3SD9gfgFsh7wEA0oszpj6F/Wq6btpfBovrTklrKRQH4LAmysdvMpi+KgE= =MFv/ -----END PGP SIGNATURE----- --=-eNq0Mhp51m3Dz5vEzVw3-- From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 19:18:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxime Devos Cc: 54215@debbugs.gnu.org Reply-To: Attila Lendvai Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164616225423193 (code B ref 54215); Tue, 01 Mar 2022 19:18:01 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 19:17:34 +0000 Received: from localhost ([127.0.0.1]:38310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP806-00061y-AX for submit@debbugs.gnu.org; Tue, 01 Mar 2022 14:17:34 -0500 Received: from mail-4018.proton.ch ([185.70.40.18]:28755) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP803-00061j-MR for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 14:17:33 -0500 Date: Tue, 01 Mar 2022 19:17:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail3; t=1646162244; bh=bKGLUMO0snbcdKGzuqVrKGWRZ2dnqdBT/khFNflPwLw=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=obyKFeG/lUhVJUc0laBM67kDbzfa+I/rQlJP8hfpBLgTZLFMhkp/CjGpgBdd5GNQI nyAr7aVuDsPm7W1wRFksMIbBFTPyHHve1okHQCzoVkVtIdLUAS20UHz/3spz2UoV6p ISiFzQvKpNLj8tfWLCpYGu/keeE/rlnUwGsHRVuq+cjCtC8hC+mX3DVk9IoSf+ASFg O/FN17wzqBDo4H/k2VizfRwd6SLcOv54pmYZe3qzmXLaY2AlyBGMTy6Gq7WF/uWpW3 gzgLMX+9qqUGcrps1OuXo8tr/Gcdre9E6NyIlCvRTvEddz+2KfL6IseRRT5N46OJx+ s/W2WZMiUbmIA== From: Attila Lendvai Message-ID: In-Reply-To: <9dc56d38b66bcdecf7eb6143f873f07c6cf54582.camel@telenet.be> References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> <9dc56d38b66bcdecf7eb6143f873f07c6cf54582.camel@telenet.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > > now that i have a reaconable edit-build-test cycle for shepherd, i'm pl= anning to > > clean up shepherd error reporting and logging, so that when an error oc= cur then > > there's a proper backtrace in the shepherd logs. > > i'd rather work on that instead. does that sound reasonable? > > Sure! Better error reporting and rlimit support are orthogonal > concerns. well, it's not orthogonal in the sense that i can only work on one of them = in the same unit of time, and this is already a side-project of a side-project= for me. let me know if sanity checking the rlimit arg is a precondition for applyin= g this patch, and then i'll look into it. otherwise APPLY and SETRLIMIT both signal any errors they encounter, and i = think better logging and backtraces will take us much farther than numerous sanit= y checks and error messages, let alone the not-so-apparent costs of the extra= LoC that they introduce into the code. -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- =E2=80=9CThe only way to have a friend is to be one.=E2=80=9D =09=E2=80=94 Ralph Waldo Emerson (1803=E2=80=931882) From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 01 Mar 2022 19:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Attila Lendvai Cc: 54215@debbugs.gnu.org Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164616400826135 (code B ref 54215); Tue, 01 Mar 2022 19:47:02 +0000 Received: (at 54215) by debbugs.gnu.org; 1 Mar 2022 19:46:48 +0000 Received: from localhost ([127.0.0.1]:38347 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP8SN-0006nS-Ts for submit@debbugs.gnu.org; Tue, 01 Mar 2022 14:46:48 -0500 Received: from michel.telenet-ops.be ([195.130.137.88]:37346) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP8SM-0006nI-EO for 54215@debbugs.gnu.org; Tue, 01 Mar 2022 14:46:47 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id 17mk2700F4UW6Th067mk9L; Tue, 01 Mar 2022 20:46:44 +0100 Message-ID: <29ee0164622feb55d52a5e806df9abd5d617467e.camel@telenet.be> From: Maxime Devos Date: Tue, 01 Mar 2022 20:46:39 +0100 In-Reply-To: References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> <9dc56d38b66bcdecf7eb6143f873f07c6cf54582.camel@telenet.be> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-ZGKa2PHcA7uzMNNreot4" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1646164004; bh=1w4tiSyfB7yY0mu15cHSIddC+Ry1tZwsiea/+EhUhhw=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=TJzCEu19AK6Kf8GO3YnV09UZy93FN9WM2lnPw3xIMnf1sHX1yBi3tbl1rBpwViFoI aO7ykddRD/lM5fGXz1EA8KPcRNKGygt4K2eg3ZZA9jAtYos7cvCDHIf30gbn3x3mGX GrcR5YatSsQBzqEqI36cflmN9LO8iWqYttMCo011KxDgVnC7ytDsEqPaXX4ydJPnQj Q6kidvlRVhhpshL1hQx/vASeIIBXrFH3/V6p39ws6XjcK+X5Sk6pnTI7nW1H+OtAiM 0ZRrF9S7tI5fypvzR5/e5AEPeGckwXzvGxDyy3Z1GDudWIoulWySvBNaU3KAahHPuq OargJTDOW2cYg== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-ZGKa2PHcA7uzMNNreot4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op di 01-03-2022 om 19:17 [+0000]: > > Sure! Better error reporting and rlimit support are orthogonal > > concerns. >=20 > well, it's not orthogonal in the sense that i can only work on one of > them in the same unit of time, and this is already a side-project of > a side-project for me. >=20 > let me know if sanity checking the rlimit arg is a precondition for > applying this patch, and then i'll look into it. Sanity-checking the rlimits (and environment-variables, file-umask, etc.) can be left for later I believe. Greetings, Maxime. --=-ZGKa2PHcA7uzMNNreot4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYh54HxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7nHkAQDfvcbjH7XQSg8c6AXlCmKdVz0b d/gaJ4LoB/umMaVFSQD7BMsZIH8HrrQ4NCUaX4h/tkRGp4TVE5qGmC+h8M5s5wo= =pEV/ -----END PGP SIGNATURE----- --=-ZGKa2PHcA7uzMNNreot4-- From unknown Sat Sep 13 01:26:48 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#54215] [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Resent-From: Attila Lendvai Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 04 Mar 2022 08:30:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54215 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxime Devos Cc: 54215@debbugs.gnu.org Reply-To: Attila Lendvai Received: via spool by 54215-submit@debbugs.gnu.org id=B54215.164638259925316 (code B ref 54215); Fri, 04 Mar 2022 08:30:01 +0000 Received: (at 54215) by debbugs.gnu.org; 4 Mar 2022 08:29:59 +0000 Received: from localhost ([127.0.0.1]:44470 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nQ3K2-0006aG-NJ for submit@debbugs.gnu.org; Fri, 04 Mar 2022 03:29:58 -0500 Received: from mail-4317.proton.ch ([185.70.43.17]:42508) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nQ3Jz-0006Zx-Jr for 54215@debbugs.gnu.org; Fri, 04 Mar 2022 03:29:57 -0500 Date: Fri, 04 Mar 2022 08:29:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name; s=protonmail3; t=1646382588; bh=6JJM3ueGh0z4dhF25yFE4VqAl+glPdFLZinkS5//seY=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID; b=lC1yfb4OCk75AMFRK0cuSFVt/B4vprGcCbr4U96AtqqGwsXsXfxwLgGYsS6NuIwIW 5DfAckjR/iAY+JN5emaCTBR8ospwOZrIoZrIs5SdOXHh57V8xHKKhTPhD4MMJGN8/Y f/ke2uhMCq1iDi9rvVxNMA9DE3AvQ0BoN4OGnyYndt3D1C9EvVftI2ugijDF+Cyl4b g+M6ZrfEAyLpRS+5miVHqRLE1M6lcIKIp+07B1g4b2KO6ZegB6xiaMtozA0iacrieu X0lnqf2GvZ6ABlpysUISCYKncSMjQGlzDMyzCQQ8YS6ND5ITSAlfjOh8ZAf5ibbNK0 bjCmAU/c3Fziw== From: Attila Lendvai Message-ID: In-Reply-To: <29ee0164622feb55d52a5e806df9abd5d617467e.camel@telenet.be> References: <20220301181242.18384-1-attila@lendvai.name> <48526d32a684a531940b59edcfb016ab81c7d3bb.camel@telenet.be> <9dc56d38b66bcdecf7eb6143f873f07c6cf54582.camel@telenet.be> <29ee0164622feb55d52a5e806df9abd5d617467e.camel@telenet.be> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) if there aren't any obstacles left, then i'd appreciate if merging this wer= en't delayed too long. once the shepherd-for-guix commits also get merged, i can send or update th= at patch to also include this #:rlimits shepherd commit, and then publish t= he service code on my channel for a wider audience. i won't be available on the weekend, but let me know if there's any way i c= an help the process, and i'll look to it when i'm back at the machine. -- =E2=80=A2 attila lendvai =E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39 -- =E2=80=9CA private central bank issuing the public currency is a greater me= nace to the liberties of the people than a standing army. [=E2=80=A6] We mu= st not let our rulers load us with perpetual debt.=E2=80=9D =09=E2=80=94 Thomas Jefferson (1743=E2=80=931826) From unknown Sat Sep 13 01:26:48 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Attila Lendvai Subject: bug#54215: closed (Re: bug#54215: [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co.) Message-ID: References: <878rt3lbdf.fsf@gnu.org> <20220301181242.18384-1-attila@lendvai.name> X-Gnu-PR-Message: they-closed 54215 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 54215@debbugs.gnu.org Date: Mon, 21 Mar 2022 12:49:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1647866942-31460-1" This is a multi-part message in MIME format... ------------=_1647866942-31460-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #54215: [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command'= & co. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 54215@debbugs.gnu.org. --=20 54215: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D54215 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1647866942-31460-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 54215-done) by debbugs.gnu.org; 21 Mar 2022 12:48:58 +0000 Received: from localhost ([127.0.0.1]:36112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWHT0-0008BB-Ix for submit@debbugs.gnu.org; Mon, 21 Mar 2022 08:48:58 -0400 Received: from eggs.gnu.org ([209.51.188.92]:49082) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nWHSz-0008Av-2B for 54215-done@debbugs.gnu.org; Mon, 21 Mar 2022 08:48:57 -0400 Received: from [2001:470:142:3::e] (port=41564 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nWHSs-0008SQ-V1; Mon, 21 Mar 2022 08:48:50 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=c17eqQQegQAOBFZlZ0kyYU6/iOcn7mN0pleBuwj7agk=; b=fL1p0241VXdrifHTLT3k PhW9obSl07HclTDCagEOVdNOvrS1e0xt8OVZEzd3BYZv3VHBvgIEXnuGgOrAKGovhIe+qfw57vzwh WJRDXoHyjo4mPuXk4egyEaC6ZOlC0TCoUa7QYIzRApI1hBwP24Pr27kOduIj4IX8Wo1kcZIlC3n22 oiX4a/zEbUOEyBOiCAokZKNLsZUq3S18KIbPLJyju8QRWCVArrzOYjJjUAZqMA5YOZJiJZlmdMSZl uW7kH9x4Ea8S7uZq5/xLfhmmVqxuYiGnLJE4AGUS/dCAisPKyZiDAxH9DskTLC1RzRsgpn7TNV4BR trGCLtGp1aJ3cQ==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58443 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nWHSp-00054H-Oq; Mon, 21 Mar 2022 08:48:50 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Attila Lendvai Subject: Re: bug#54215: [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. References: <20220301181242.18384-1-attila@lendvai.name> Date: Mon, 21 Mar 2022 13:48:44 +0100 In-Reply-To: <20220301181242.18384-1-attila@lendvai.name> (Attila Lendvai's message of "Tue, 1 Mar 2022 19:12:43 +0100") Message-ID: <878rt3lbdf.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54215-done Cc: 54215-done@debbugs.gnu.org, Maxime Devos X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Attila, Attila Lendvai skribis: > * modules/shepherd/service.scm (exec-command, fork+exec-command, > make-forkexec-constructor): Add #:rlimits and honor it. Reorder keyword = args > where needed to be uniform. Pushed, at last! https://git.savannah.gnu.org/cgit/shepherd.git/commit/?id=3D3ee9a7193d738= 21d6f1dd76a745ed5e4bb1a78c8 I took the liberty to change #:rlimits to #:resource-limits, to be consistent with the naming style used for other keyword arguments. I also updated =E2=80=98doc/shepherd.texi=E2=80=99 and made sure the commit= log mentions all the changes. Thank you for this welcome addition, and apologies for the delay! Ludo=E2=80=99. ------------=_1647866942-31460-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 1 Mar 2022 18:18:46 +0000 Received: from localhost ([127.0.0.1]:38160 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75C-0004M2-8E for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:46 -0500 Received: from lists.gnu.org ([209.51.188.17]:52504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nP75A-0004Lu-2D for submit@debbugs.gnu.org; Tue, 01 Mar 2022 13:18:45 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55240) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nP755-0002hP-TJ for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:43 -0500 Received: from [2a00:1450:4864:20::332] (port=41896 helo=mail-wm1-x332.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nP754-0002te-2o for guix-patches@gnu.org; Tue, 01 Mar 2022 13:18:39 -0500 Received: by mail-wm1-x332.google.com with SMTP id a13-20020a05600c348d00b0038188b8bbf6so1726507wmq.0 for ; Tue, 01 Mar 2022 10:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=sender:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=idtmgoRPStIOi0Fuv9pE5rkf+0gnib1GY3SZnpg70JZ2goq4yKe+grnxzLRa4GFAU/ 33Gq51/AF36XbcFNLosTKwJtwsTLKGEyvwQoRkhDHARwEH/K+brjjbJX96RaOxb2qo2T bn+HlIZvNgnqIVrDZ4vTNnv9DfFVqe0hPyAVIE2P/1w/g+C7OT6GU84k0+f9S85PuF/d BAW/M2j0cY89P1O7ajXoBHJH4oDjJK031a+iYUpbeQAKmWkPsKHJDkACjom6qpj+2kZB DiMcdw8IuaWqVXdux65+s3YXbCfpAemnqf/PacICDFv6YRdlHCh2Gk2jLhbBXuoNsWey et+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :mime-version:content-transfer-encoding; bh=yf6a2R4RoJjbUzWiVhWPuVrxgoTwP72Y7GGsUXCqgJ8=; b=yi/fLie8ZidcYM6/Yt55WvuBpqpILxWJ3e8N4o30mWrDoRLisAbsfZ87bRyP4TR/qn p24ypqt7szdjqqp3RsRNaYydk/Up1sBOOu4qGmKCxrwxc+el37lsh4ol2nF2oVR28p5o 9WxdT77oFhsHKuflIKPruWEuK5VILC7nT8EVYMfHjSubP/E9wweTBe5yAiVCCldcy+Go w/Nj+Tr/JVdRxBSvskbuhXKOPtYPn6S3ctxDyut72FWWBgLmxkSqWe5945pg1h0EthZM scLz+C0JBUGuUl1KwHXhrg0I7I8vP1yf0ZOchp47Us0jJWr8XADd7KTgKiLsEJF8MZ6c 8/fw== X-Gm-Message-State: AOAM5304Mhv0utw8fsGHEyjf1k+WSL6aCu7qhpxSrEAvZvLYyuLzLzj4 ZA61KAL9ju7LQZ90B9+Nw7ODW812zhs= X-Google-Smtp-Source: ABdhPJxfDaOUtGkF/owpGXmPaEjA6d005D9ZPfOwy0naavvp/Ik3TtUCcQEtnT4CCiThocYBTAzDbQ== X-Received: by 2002:a05:600c:1c84:b0:381:64f8:fd23 with SMTP id k4-20020a05600c1c8400b0038164f8fd23mr9188622wms.188.1646158716429; Tue, 01 Mar 2022 10:18:36 -0800 (PST) Received: from localhost.localdomain ([2a02:ab88:3710:7c80:9130:5abf:96b3:dc0c]) by smtp.gmail.com with ESMTPSA id n5-20020adffe05000000b001edf8fc0cc3sm14271808wrr.41.2022.03.01.10.18.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Mar 2022 10:18:35 -0800 (PST) From: Attila Lendvai To: guix-patches@gnu.org Subject: [PATCH Shepherd] service: Add #:rlimits parameter to 'exec-command' & co. Date: Tue, 1 Mar 2022 19:12:43 +0100 Message-Id: <20220301181242.18384-1-attila@lendvai.name> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::332 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::332; envelope-from=attila.lendvai@gmail.com; helo=mail-wm1-x332.google.com X-Spam_score_int: 0 X-Spam_score: -0.1 X-Spam_bar: / X-Spam_report: (-0.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, PDS_HP_HELO_NORDNS=0.659, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.7 (/) X-Debbugs-Envelope-To: submit Cc: Attila Lendvai X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.8 (-) * modules/shepherd/service.scm (exec-command, fork+exec-command, make-forkexec-constructor): Add #:rlimits and honor it. Reorder keyword args where needed to be uniform. --- this patch supersedes my previous CALL-IN-FORK proposal: https://issues.guix.gnu.org/54205 i will either close that, or maybe do the internal refactor. we'll see. modules/shepherd/service.scm | 26 ++++++++++++++++++-------- tests/forking-service.sh | 15 +++++++++++++-- 2 files changed, 31 insertions(+), 10 deletions(-) diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index ad8608b..c6f0f4e 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm @@ -787,7 +787,8 @@ daemon writing FILE is running in a separate PID namespace." (directory (default-service-directory)) (file-creation-mask #f) (create-session? #t) - (environment-variables (default-environment-variables))) + (environment-variables (default-environment-variables)) + (rlimits '())) "Run COMMAND as the current process from DIRECTORY, with FILE-CREATION-MASK if it's true, and with ENVIRONMENT-VARIABLES (a list of strings like \"PATH=/bin\"). File descriptors 1 and 2 are kept as is or redirected to @@ -795,6 +796,9 @@ LOG-FILE if it's true, whereas file descriptor 0 (standard input) points to /dev/null; all other file descriptors are closed prior to yielding control to COMMAND. When CREATE-SESSION? is true, call 'setsid' first. +Guile's SETRLIMIT function will be applied on the entries in RLIMITS. For +example a valid value would be '((nproc 10 100) (nofile 4096 4096)). + By default, COMMAND is run as the current user. If the USER keyword argument is present and not false, change to USER immediately before invoking COMMAND. USER may be a string, indicating a user name, or a @@ -808,6 +812,8 @@ false." ;; Programs such as 'mingetty' expect this. (setsid)) + (for-each (cut apply setrlimit <>) rlimits) + (chdir directory) (environ environment-variables) @@ -893,7 +899,8 @@ false." (file-creation-mask #f) (create-session? #t) (environment-variables - (default-environment-variables))) + (default-environment-variables)) + (rlimits '())) "Spawn a process that executed COMMAND as per 'exec-command', and return its PID." ;; Install the SIGCHLD handler if this is the first fork+exec-command call. @@ -924,7 +931,8 @@ its PID." #:directory directory #:file-creation-mask file-creation-mask #:create-session? create-session? - #:environment-variables environment-variables)) + #:environment-variables environment-variables + #:rlimits rlimits)) pid)))) (define* (make-forkexec-constructor command @@ -932,15 +940,16 @@ its PID." (user #f) (group #f) (supplementary-groups '()) + (log-file #f) (directory (default-service-directory)) - (environment-variables - (default-environment-variables)) (file-creation-mask #f) (create-session? #t) + (environment-variables + (default-environment-variables)) + (rlimits '()) (pid-file #f) (pid-file-timeout - (default-pid-file-timeout)) - (log-file #f)) + (default-pid-file-timeout))) "Return a procedure that forks a child process, closes all file descriptors except the standard output and standard error descriptors, sets the current directory to @var{directory}, sets the umask to @@ -978,7 +987,8 @@ start." #:file-creation-mask file-creation-mask #:create-session? create-session? #:environment-variables - environment-variables))) + environment-variables + #:rlimits rlimits))) (if pid-file (match (read-pid-file pid-file #:max-delay pid-file-timeout diff --git a/tests/forking-service.sh b/tests/forking-service.sh index bd9aac9..a745bf4 100644 --- a/tests/forking-service.sh +++ b/tests/forking-service.sh @@ -25,6 +25,7 @@ conf="t-conf-$$" log="t-log-$$" pid="t-pid-$$" service_pid="t-service-pid-$$" +service_nofiles="t-service-nofiles-$$" service2_pid="t-service2-pid-$$" service2_started="t-service2-starts-$$" @@ -49,14 +50,15 @@ cat > "$conf"< $PWD/$service_pid")) + '("$SHELL" "-c" "ulimit -n >$PWD/$service_nofiles; sleep 600 & echo \$! > $PWD/$service_pid")) (register-services (make ;; A service that forks into a different process. #:provides '(test) #:start (make-forkexec-constructor %command - #:pid-file "$PWD/$service_pid") + #:pid-file "$PWD/$service_pid" + #:rlimits '((nofile 1567 1567))) #:stop (make-kill-destructor) #:respawn? #f)) @@ -125,6 +127,15 @@ $herd status test2 | grep started test "`cat $PWD/$service2_started`" = "started started" + + +# test if nofiles was set properly +test -f "$service_nofiles" +nofiles_value="`cat $service_nofiles`" +test 1567 -eq $nofiles_value + + + # Try to trigger eventual race conditions, when killing a process between fork # and execv calls. for i in `seq 1 50` -- 2.34.0 ------------=_1647866942-31460-1--