[libcamera-devel] [PATCH] libcamera: process: Fail loudly on isolate
Jacopo Mondi
jacopo at jmondi.org
Wed Jul 31 15:29:19 CEST 2019
Hi Kieran,
On Fri, Jul 19, 2019 at 12:51:54PM +0100, Kieran Bingham wrote:
> Hi Jacopo,
>
> On 19/07/2019 09:05, Jacopo Mondi wrote:
> > Add an error debug message when disassociating part of a process
> > execution context using unshare fails.
> >
> > As this is currently used to isolate a child process which is
> > immediately terminated silently if unshare fails, add a debug printout
> > and propagate up the error code to make the failure more visible.
> >
>
> This sounds good to me.
>
> Have you added this because it has happened to you ?
Yes, isolate() fails on my device with -EPERM...
The only explanation I have is that CLONE_NEWUSER and CLONE_NEWNET
both requires CAP_SYS_ADMIN capability. I've just superficially looked
into this, but the printout helped me understand what was happening.
Thanks
j
>
> Reviewed-by: Kieran Bingham <kieran.bingham at ideasonboard.com>
>
> > Signed-off-by: Jacopo Mondi <jacopo at jmondi.org>
> > ---
> > src/libcamera/process.cpp | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/src/libcamera/process.cpp b/src/libcamera/process.cpp
> > index 6c41da219f05..ab716a9cd57f 100644
> > --- a/src/libcamera/process.cpp
> > +++ b/src/libcamera/process.cpp
> > @@ -306,7 +306,15 @@ void Process::closeAllFdsExcept(const std::vector<int> &fds)
> >
> > int Process::isolate()
> > {
> > - return unshare(CLONE_NEWUSER | CLONE_NEWNET);
> > + int ret = unshare(CLONE_NEWUSER | CLONE_NEWNET);
> > + if (ret) {
> > + ret = -errno;
> > + LOG(Process, Error) << "Failed to unshare execution context: "
> > + << strerror(-ret);
> > + return ret;
> > + }
> > +
> > + return 0;
> > }
> >
> > /**
> > --
> > 2.21.0
> >
> > _______________________________________________
> > libcamera-devel mailing list
> > libcamera-devel at lists.libcamera.org
> > https://lists.libcamera.org/listinfo/libcamera-devel
> >
>
> --
> Regards
> --
> Kieran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.libcamera.org/pipermail/libcamera-devel/attachments/20190731/5a1f0596/attachment.sig>
More information about the libcamera-devel
mailing list