From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alexander Kjeldaas <ak@formalprivacy.com>
Subject: Re: Avoiding threads in the daemon
Date: Sat, 20 Dec 2014 01:11:47 +0100
Message-ID: <CAHVSqQe9LuK5T6gZF9ap9Fre+0YMKZDQQuU=Oa-=2GOx9wAgHw@mail.gmail.com>
References: <87mw6lym95.fsf@gnu.org> <54946C7A.9020804@logicblox.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1537054828=="
Return-path: <nix-dev-bounces@lists.science.uu.nl>
In-Reply-To: <54946C7A.9020804@logicblox.com>
List-Unsubscribe: <http://lists.science.uu.nl/mailman/listinfo/nix-dev>,
	<mailto:nix-dev-request@lists.science.uu.nl?subject=unsubscribe>
List-Archive: <http://lists.science.uu.nl/pipermail/nix-dev>
List-Post: <mailto:nix-dev@lists.science.uu.nl>
List-Help: <mailto:nix-dev-request@lists.science.uu.nl?subject=help>
List-Subscribe: <http://lists.science.uu.nl/mailman/listinfo/nix-dev>,
	<mailto:nix-dev-request@lists.science.uu.nl?subject=subscribe>
Sender: nix-dev-bounces@lists.science.uu.nl
Errors-To: nix-dev-bounces@lists.science.uu.nl
To: Eelco Dolstra <eelco.dolstra@logicblox.com>
Cc: guix-devel <guix-devel@gnu.org>, =?UTF-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>, nix-dev <nix-dev@lists.science.uu.nl>
List-Id: guix-devel.gnu.org

--===============1537054828==
Content-Type: multipart/alternative; boundary=20cf30207f5402daa6050a9aad12

--20cf30207f5402daa6050a9aad12
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 19, 2014 at 7:20 PM, Eelco Dolstra <eelco.dolstra@logicblox.com=
>
wrote:

> Hi,
>
> On 18/12/14 17:32, Ludovic Court=C3=A8s wrote:
>
> > Thus, I think Nix commit 49fe95 (which introduces monitor-fd.hh, which
> > uses std::thread just for convenience) should be reverted, along with
> > the subsequent commits to that file; then commit 524f89 can be reverted=
.
>
> I really don't want to get rid of threads because they're useful and I
> want to
> use them more in the future (e.g. build.cc would be much simpler if it us=
ed
> threads rather than the current event-driven approach; nix-daemon could
> handle
> client connections with a thread rather than a process; etc.).
>
> I see a few ways to get PID namespaces back:
>
> * Do a regular fork followed by clone(... | CLONE_NEWPID | CLONE_PARENT)
> (after
> which the intermediate process can exit).
>
> * Call setuid/setgid via syscall() to bypass the locking in the Glibc
> wrappers.
> However, there might be other problematic functions so this is not a grea=
t
> solution.
>
> * Get the Glibc folks to provide a way to run at-fork handlers with
> clone().
>
> Clearly the first option is the easiest.
>
>
There is a 4th solution - use a fork()-service. What you do is you fork() a
specific child, the fork()-service, when you start your process, before any
mutex is held and while you control the full state of your program.  You
then communicate with this service using pipes, or your favorite IPC
mechanism.  The fork()-service never starts any thread, and can safely fork
off any child you need.

Alexander

--20cf30207f5402daa6050a9aad12
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Fri, Dec 19, 2014 at 7:20 PM, Eelco Dolstra <span dir=3D"ltr">&lt;<a=
 href=3D"mailto:eelco.dolstra@logicblox.com" target=3D"_blank">eelco.dolstr=
a@logicblox.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" =
style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,=
<br>
<span class=3D""><br>
On 18/12/14 17:32, Ludovic Court=C3=A8s wrote:<br>
<br>
&gt; Thus, I think Nix commit 49fe95 (which introduces monitor-fd.hh, which=
<br>
&gt; uses std::thread just for convenience) should be reverted, along with<=
br>
&gt; the subsequent commits to that file; then commit 524f89 can be reverte=
d.<br>
<br>
</span>I really don&#39;t want to get rid of threads because they&#39;re us=
eful and I want to<br>
use them more in the future (e.g. build.cc would be much simpler if it used=
<br>
threads rather than the current event-driven approach; nix-daemon could han=
dle<br>
client connections with a thread rather than a process; etc.).<br>
<br>
I see a few ways to get PID namespaces back:<br>
<br>
* Do a regular fork followed by clone(... | CLONE_NEWPID | CLONE_PARENT) (a=
fter<br>
which the intermediate process can exit).<br>
<br>
* Call setuid/setgid via syscall() to bypass the locking in the Glibc wrapp=
ers.<br>
However, there might be other problematic functions so this is not a great =
solution.<br>
<br>
* Get the Glibc folks to provide a way to run at-fork handlers with clone()=
.<br>
<br>
Clearly the first option is the easiest.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br></font></span></blockquo=
te><div><br></div><div>There is a 4th solution - use a fork()-service. What=
 you do is you fork() a specific child, the fork()-service, when you start =
your process, before any mutex is held and while you control the full state=
 of your program.=C2=A0 You then communicate with this service using pipes,=
 or your favorite IPC mechanism.=C2=A0 The fork()-service never starts any =
thread, and can safely fork off any child you need.<br><br>Alexander<br></d=
iv></div></div></div>

--20cf30207f5402daa6050a9aad12--

--===============1537054828==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

--===============1537054828==--