First time writing to this list. Appreciate any help/pointers.
We are considering glib threads for developing a secure user space
file-server.
In this effort, we would like to use clone(2) system call which performs
a chroot(/exported/path)
followed by g_thread_pool_new(). The threads created will inherit the
chroot'ed name
space and hence we are are creating a secure zone of exported region for
the fileserver to operate.
Questions.
- What is the best way to demonize the threads created by
g_thread_pool_new()?
In the experimentation, all the threads are exiting if the process
which called g_thread_pool_new() exits.
In the above scenario, the clone'd process doesn't need to hang
around after
calling g_thread_pool_new()...if there is a way to keep the new
threads around.
- Is there any simple way to add/remove threads to the exclusive pool on
the fly?
Attaching my simple program to illustrate what I am trying to achieve.
$ export C_INCLUDE_PATH=$C_INCLUDE_PATH:/usr/include/glib-2.0/
$ cc jv_cloneth_demo.c -o jv_cloneth_demo -lglib-2.0 -lgthread-2.0
$ sudo ./jv_cloneth_demo
This should fail: /etc/passwd stat err:-1 errno:2
This should pass: /passwd stat err:0 errno:0
Thanks in advance,
Venkateswararao Jujjuri (JV)
VirtFS-KVM Project
IBM.
#include <malloc.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>
#include <sched.h>
#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <glib-2.0/glib.h>
int gdata;
GThreadPool *pool;
void jv_thread_routine(gpointer data, gpointer user_data)
{
int *ldata = data;
struct stat buf;
int err;
*ldata = *ldata + 1;
errno = 0;
err = stat("/etc/passwd", &buf);
printf("This should fail: /etc/passwd stat err:%d errno:%d\n",
err, errno);
errno = 0;
err = stat("/passwd", &buf);
printf("This should pass: /passwd stat err:%d errno:%d\n", err, errno);
}
// The child thread will execute this function
int threadFunction( void* argument )
{
GError *err;
if (chroot("/etc") < 0) {
perror("chroot. Are you super user?");
exit(3);
}
if (!g_thread_supported()) {
g_thread_init(NULL);
}
pool = g_thread_pool_new(jv_thread_routine, &gdata, 2,
TRUE, &err);
if (pool == NULL) {
exit(4);
}
sleep(5); /*Q: If I remove this sleep, jv_thread_routine won't execute. How can I quit this function while keeping thread pool active? */
return 0;
}
int main()
{
void* stack;
pid_t pid;
stack = malloc(8096);
if (stack == 0) {
perror("malloc: stack alloc failed");
exit(1);
}
// Call the clone system call to create the child thread
pid = clone(&threadFunction, (char*) stack + 8096,
SIGCHLD | CLONE_FILES | CLONE_SIGHAND |
CLONE_VM |CLONE_THREAD, 0 );
if (pid == -1) {
perror("clone");
exit(2);
}
// Wait for the clone to do g_thread_pool_new
while (pool == NULL) {
sleep(1);
}
g_thread_pool_push(pool, &gdata, NULL);
sleep(6);
free(stack);
return 0;
}
_______________________________________________
gtk-list mailing list
gtk-list@xxxxxxxxx
http://mail.gnome.org/mailman/listinfo/gtk-list