diff options
author | sersut <serdar@opscode.com> | 2013-04-16 09:35:07 -0700 |
---|---|---|
committer | sersut <serdar@opscode.com> | 2013-04-16 09:35:07 -0700 |
commit | fc9f845dc5e91c19008781b4cbb5d42eb1d1e669 (patch) | |
tree | be9cc2503aa8e36b9e08a997f695c7c08647fa8a /lib | |
parent | 6061e84ec5a1aca932746ec631ae903e89cd0f97 (diff) | |
download | mixlib-shellout-fc9f845dc5e91c19008781b4cbb5d42eb1d1e669.tar.gz |
Clean inherited file descriptors from the parent while forking subprocess.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/mixlib/shellout/unix.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/mixlib/shellout/unix.rb b/lib/mixlib/shellout/unix.rb index 776169d..d7082e1 100644 --- a/lib/mixlib/shellout/unix.rb +++ b/lib/mixlib/shellout/unix.rb @@ -178,6 +178,26 @@ module Mixlib STDIN.sync = true if input end + # When a new process is started with chef, it shares the file + # descriptors of the parent. We clean the file descriptors + # coming from the parent to prevent unintended locking if parent + # is killed. + # NOTE: After some discussions we've decided to iterate on file + # descriptors upto 256. We believe this is a reasonable upper + # limit in a chef environment. If we have issues in the future this + # number could be made to be configurable or updated based on + # the ulimit based on platform. + def clean_parent_file_descriptors + # Don't clean $stdin, $stdout, $stderr, process_status_pipe. + # Also 3 & 4 is reserved by RubyVM + 5.upto(256) do |n| + fd = File.for_fd(n) rescue nil + if fd && process_status_pipe.last.to_i != n + fd.close + end + end + end + def configure_parent_process_file_descriptors # Close the sides of the pipes we don't care about stdin_pipe.first.close @@ -231,6 +251,8 @@ module Mixlib fork do configure_subprocess_file_descriptors + clean_parent_file_descriptors + set_group set_user set_environment |