Add hooks to run code in the child process before and after setting up the sandbox
I have two needs not currently supported by gaol:
- I want to run code in the child process after forking but before the sandbox is in place, e.g. to run prctl(PR_SET_PDEATHSIG) and to set up stdio redirection.
- I want to activate the sandbox before exec because I don't control the execed binary.

I only need this to work on Linux.
I think these should be supported by providing hooks similar to std::os::unix::process::CommandExt::before_exec. I've named them before_sandbox and before_exec. On Linux a before_exec hook can call ChildSandbox::activate and do extra setup work after entering the sandbox, if desired (e.g. configuring the new namespaces).
To get this to work I had to fix a number of bugs and other issues. In particular, to test that ChildSandbox::activate works in before_exec I had to make it possible to start a glibc-based process in the Linux sandbox, which meant adding Operation::CreateNewProcesses and whitelisting some more system calls. I also had to make substantial fixes to the error handling in Linux's start().
The Mac support doesn't propagate errors from before_sandbox/before_exec because I didn't want to try to write that code without being able to test it.
GitHub isn't showing the commits in the correct order for some reason. My branch has them in the correct order.
BTW the current patches don't support CreateNewProcesses on Mac. It looks like that could be supported, but again I hesitate to try without being able to test.
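The two-stage hook ordering described in this PR (code after fork but before the sandbox, then code that enters the sandbox just before exec, with hook errors surfacing in the parent) can be sketched with nothing but std's `CommandExt::pre_exec`. The block below is an added example written for this page; it is not gaol's code and does not use gaol's API. The `HookedCommand` type, its `before_sandbox`/`before_exec` methods, the hand-declared `prctl`/`dup2` externs and the use of `PR_SET_NO_NEW_PRIVS` as a stand-in for `ChildSandbox::activate` are all assumptions of the example. It is Linux-only, like the PR.

```rust
// Added example, not gaol's code: a minimal before_sandbox / before_exec hook
// pipeline on top of std's CommandExt::pre_exec. Linux only (prctl).
use std::io;
use std::os::raw::{c_int, c_ulong};
use std::os::unix::process::CommandExt;
use std::process::{Child, Command, Stdio};

// libc symbols declared by hand so the example needs no external crate.
extern "C" {
    fn prctl(option: c_int, ...) -> c_int;
    fn dup2(oldfd: c_int, newfd: c_int) -> c_int;
}

const PR_SET_PDEATHSIG: c_int = 1; // values from <linux/prctl.h>
const PR_SET_NO_NEW_PRIVS: c_int = 38;
const SIGKILL: c_ulong = 9;

type Hook = Box<dyn FnMut() -> io::Result<()> + Send + Sync>;

/// Hypothetical wrapper: `before_sandbox` hooks run in the child right after
/// fork(), then `before_exec` hooks (where a caller would activate the
/// sandbox), then the exec itself.
pub struct HookedCommand {
    cmd: Command,
    before_sandbox: Vec<Hook>,
    before_exec: Vec<Hook>,
}

impl HookedCommand {
    pub fn new(program: &str, args: &[&str]) -> Self {
        let mut cmd = Command::new(program);
        cmd.args(args);
        HookedCommand { cmd, before_sandbox: Vec::new(), before_exec: Vec::new() }
    }

    pub fn stdout(mut self, cfg: Stdio) -> Self {
        self.cmd.stdout(cfg);
        self
    }

    pub fn before_sandbox<F>(mut self, f: F) -> Self
    where
        F: FnMut() -> io::Result<()> + Send + Sync + 'static,
    {
        self.before_sandbox.push(Box::new(f));
        self
    }

    pub fn before_exec<F>(mut self, f: F) -> Self
    where
        F: FnMut() -> io::Result<()> + Send + Sync + 'static,
    {
        self.before_exec.push(Box::new(f));
        self
    }

    /// Spawns the child. A failing hook is reported as the Err of spawn(),
    /// the same way std reports pre_exec failures back to the parent.
    pub fn spawn(mut self) -> io::Result<Child> {
        let mut pre = std::mem::take(&mut self.before_sandbox);
        let mut post = std::mem::take(&mut self.before_exec);
        // SAFETY: the hooks used here only call async-signal-safe libc
        // functions (prctl, dup2) and do not allocate, as pre_exec requires.
        unsafe {
            self.cmd.pre_exec(move || {
                for hook in pre.iter_mut() {
                    hook()?;
                }
                for hook in post.iter_mut() {
                    hook()?;
                }
                Ok(())
            });
        }
        self.cmd.spawn()
    }
}

fn check(rc: c_int) -> io::Result<()> {
    if rc == -1 { Err(io::Error::last_os_error()) } else { Ok(()) }
}

/// before_sandbox: kill the child if this parent dies, and route the child's
/// stderr onto our stdout pipe. before_exec: set no_new_privs as a stand-in
/// for entering the sandbox. Returns everything the child wrote to the pipe.
pub fn run_demo() -> io::Result<String> {
    let script = "echo to-stderr 1>&2; grep NoNewPrivs /proc/self/status";
    let child = HookedCommand::new("sh", &["-c", script])
        .stdout(Stdio::piped())
        .before_sandbox(|| {
            check(unsafe { prctl(PR_SET_PDEATHSIG, SIGKILL) })?;
            check(unsafe { dup2(1, 2) })
        })
        .before_exec(|| {
            check(unsafe { prctl(PR_SET_NO_NEW_PRIVS, 1 as c_ulong, 0 as c_ulong, 0 as c_ulong, 0 as c_ulong) })
        })
        .spawn()?;
    let out = child.wait_with_output()?;
    Ok(String::from_utf8_lossy(&out.stdout).into_owned())
}

/// A hook that fails must surface in the parent rather than leave an
/// unsandboxed child running.
pub fn failing_hook_is_reported() -> bool {
    HookedCommand::new("sh", &["-c", "true"])
        .before_sandbox(|| Err(io::Error::from_raw_os_error(1)))
        .spawn()
        .is_err()
}
```

`run_demo()` returns the `echo` line (proving the stdio redirection ran before exec) followed by the `NoNewPrivs:` line from `/proc/self/status` reading `1` (proving the before_exec stage took effect in the execed binary). The hooks run after stdio fds have been set up and must stay async-signal-safe, which is the same constraint a real `ChildSandbox::activate` call in `before_exec` would be under.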
:umbrella: The latest upstream changes (presumably #51) made this pull request unmergeable. Please resolve the merge conflicts.