mirror of
https://github.com/facebook/sapling.git
synced 2024-10-10 16:57:49 +03:00
2941822299
Summary: On macOS we cannot safely use `fork` to spawn processes while other threads may initialize objc classes. This commit replaces the use of `fork` in the privhelper startup with `SpawnedProcess` instead. We need to take care with this as we are generally installed setuid root and we'd like to avoid being tricked into running an arbitrary child process as root. This commit defines a separate executable called `edenfs_privhelper` that contains just the privhelper server code. We need to be careful about locating this executable; to avoid invoking an arbitrary process while we have root privileges we require that the privhelper be a sibling to the edenfs executable and carry out some additional ownership verification so that we can tell that the owner of edenfs also controls edenfs_privhelper. To facilitate this, I've added an `executablePath` function to PathFuncs; it returns the path to the current executable image. To make the integration test scenario simpler, I've added the edenfs_executable binary definition alongside that of the edenfs binary in the buck and cmake build systems. This causes the binaries to be siblings in-situ in the build tree and avoids the need to move things into place in the test harness. Reviewed By: chadaustin Differential Revision: D23653343 fbshipit-source-id: 3c2539a5e0e11cee88960db49c885ce0366d314e |
||
|---|---|---|
| .. | ||
| oss | ||
| test | ||
| .gitignore | ||
| CMakeLists.txt | ||
| eden.thrift | ||
| EdenCPUThreadPool.cpp | ||
| EdenCPUThreadPool.h | ||
| EdenError.cpp | ||
| EdenError.h | ||
| EdenInit.cpp | ||
| EdenInit.h | ||
| EdenMain.cpp | ||
| EdenMain.h | ||
| EdenServer.cpp | ||
| EdenServer.h | ||
| EdenServiceHandler.cpp | ||
| EdenServiceHandler.h | ||
| EdenStateDir.cpp | ||
| EdenStateDir.h | ||
| fb-edenfs@.service | ||
| PeriodicTask.cpp | ||
| PeriodicTask.h | ||
| PrettyPrinters.cpp | ||
| PrettyPrinters.h | ||
| PrivHelperMain.cpp | ||
| StartupLogger.cpp | ||
| StartupLogger.h | ||
| streamingeden.thrift | ||
| Systemd.cpp | ||
| Systemd.h | ||
| ThriftPermissionChecker.cpp | ||
| ThriftPermissionChecker.h | ||
| ThriftUtil.h | ||