Merge pull request moby#3742 from tonistiigi/git-umask-refactor

git: set umask without reexec

Author: tonistiigi

source/git/gitsource.go

@@ -678,7 +678,7 @@ func git(ctx context.Context, dir, sshAuthSock, knownHosts string, args ...strin
 		}
 		// remote git commands spawn helper processes that inherit FDs and don't
 		// handle parent death signal so exec.CommandContext can't be used
-		err := runProcessGroup(ctx, cmd)
+		err := runWithStandardUmask(ctx, cmd)
 		if err != nil {
 			if strings.Contains(errbuf.String(), "--depth") || strings.Contains(errbuf.String(), "shallow") {
 				if newArgs := argsNoDepth(args); len(args) > len(newArgs) {

source/git/gitsource_test.go

@@ -21,7 +21,6 @@ import (
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/snapshots"
 	"github.com/containerd/containerd/snapshots/native"
-	"github.com/docker/docker/pkg/reexec"
 	"github.com/moby/buildkit/cache"
 	"github.com/moby/buildkit/cache/metadata"
 	"github.com/moby/buildkit/client"
@@ -36,12 +35,6 @@ import (
 	bolt "go.etcd.io/bbolt"
 )
 
-func init() {
-	if reexec.Init() {
-		os.Exit(0)
-	}
-}
-
 func TestRepeatedFetch(t *testing.T) {
 	testRepeatedFetch(t, false)
 }

source/git/gitsource_unix.go

@@ -5,80 +5,43 @@ package git
 
 import (
 	"context"
-	"os"
 	"os/exec"
-	"os/signal"
+	"runtime"
 	"syscall"
 	"time"
 
-	"github.com/docker/docker/pkg/reexec"
 	"golang.org/x/sys/unix"
 )
 
-const (
-	gitCmd = "umask-git"
-)
-
-func init() {
-	reexec.Register(gitCmd, gitMain)
-}
-
-func gitMain() {
-	// Need standard user umask for git process.
-	unix.Umask(0022)
-
-	// Reexec git command
-	cmd := exec.Command(os.Args[1], os.Args[2:]...) //nolint:gosec // reexec
-	cmd.SysProcAttr = &unix.SysProcAttr{
-		Setpgid:   true,
-		Pdeathsig: unix.SIGTERM,
-	}
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	cmd.Stdin = os.Stdin
+func runWithStandardUmask(ctx context.Context, cmd *exec.Cmd) error {
+	errCh := make(chan error)
 
-	// Forward all signals
-	sigc := make(chan os.Signal, 1)
-	done := make(chan struct{})
-	signal.Notify(sigc)
 	go func() {
-		for {
-			select {
-			case sig := <-sigc:
-				if cmd.Process == nil {
-					continue
-				}
-				switch sig {
-				case unix.SIGINT, unix.SIGTERM, unix.SIGKILL:
-					_ = unix.Kill(-cmd.Process.Pid, sig.(unix.Signal))
-				default:
-					_ = cmd.Process.Signal(sig)
-				}
-			case <-done:
-				return
-			}
+		defer close(errCh)
+		runtime.LockOSThread()
+
+		if err := unshareAndRun(ctx, cmd); err != nil {
+			errCh <- err
 		}
 	}()
 
-	err := cmd.Run()
-	close(done)
-	if err != nil {
-		if exiterr, ok := err.(*exec.ExitError); ok {
-			switch status := exiterr.Sys().(type) {
-			case unix.WaitStatus:
-				os.Exit(status.ExitStatus())
-			case syscall.WaitStatus:
-				os.Exit(status.ExitStatus())
-			}
-		}
-		os.Exit(1)
+	return <-errCh
+}
+
+// unshareAndRun needs to be called in a locked thread.
+func unshareAndRun(ctx context.Context, cmd *exec.Cmd) error {
+	if err := syscall.Unshare(syscall.CLONE_FS); err != nil {
+		return err
 	}
-	os.Exit(0)
+	syscall.Umask(0022)
+	return runProcessGroup(ctx, cmd)
 }
 
 func runProcessGroup(ctx context.Context, cmd *exec.Cmd) error {
-	cmd.Path = reexec.Self()
-	cmd.Args = append([]string{gitCmd}, cmd.Args...)
+	cmd.SysProcAttr = &unix.SysProcAttr{
+		Setpgid:   true,
+		Pdeathsig: unix.SIGTERM,
+	}
 	if err := cmd.Start(); err != nil {
 		return err
 	}

source/git/gitsource_windows.go

@@ -8,7 +8,7 @@ import (
 	"os/exec"
 )
 
-func runProcessGroup(ctx context.Context, cmd *exec.Cmd) error {
+func runWithStandardUmask(ctx context.Context, cmd *exec.Cmd) error {
 	if err := cmd.Start(); err != nil {
 		return err
 	}