Skip to content

Add std::os::unix::process::CommandExt::chroot to safely chroot a child process #137759

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 21, 2025
Merged

Add std::os::unix::process::CommandExt::chroot to safely chroot a child process #137759

merged 4 commits into from
May 21, 2025

Conversation

joshtriplett
Copy link
Member

This adds a chroot method to the CommandExt extension trait for the
Command builder, to set a directory to chroot into. This will chroot
the child process into that directory right before calling chdir for the
Command's working directory.

To avoid allowing a process to have a working directory outside of the
chroot, if the Command does not yet have a working directory set,
chroot will set its working directory to "/".

ACP: rust-lang/libs-team#551

This PR currently has the tracking issue set to "none"; if the ACP is approved,
I'll file a tracking issue and update the PR.

@rustbot
Copy link
Collaborator

rustbot commented Feb 27, 2025

r? @workingjubilee

rustbot has assigned @workingjubilee.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added O-unix Operating system: Unix-like S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Feb 27, 2025
@joshtriplett joshtriplett added T-libs-api Relevant to the library API team, which will review and decide on the PR/issue. and removed T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Feb 27, 2025
@joshtriplett joshtriplett mentioned this pull request Feb 27, 2025
Closed
@workingjubilee workingjubilee added S-waiting-on-ACP Status: PR has an ACP and is waiting for the ACP to complete. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 20, 2025
@bors
Copy link
Collaborator

bors commented Mar 23, 2025

☔ The latest upstream changes (presumably #136929) made this pull request unmergeable. Please resolve the merge conflicts.

@bors bors added the S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. label Mar 23, 2025
tbu-
tbu- reviewed Mar 31, 2025
View reviewed changes
@joshtriplett joshtriplett added the I-libs-api-nominated Nominated for discussion during a libs-api team meeting. label May 16, 2025
@Amanieu Amanieu removed S-waiting-on-ACP Status: PR has an ACP and is waiting for the ACP to complete. I-libs-api-nominated Nominated for discussion during a libs-api team meeting. labels May 20, 2025
@rustbot

This comment has been minimized.

Sign in to view
@joshtriplett joshtriplett mentioned this pull request May 20, 2025
Open
4 tasks
@joshtriplett
Copy link
Member Author

Will rebase shortly.

@joshtriplett
Add std::os::unix::process::CommandExt::chroot to safely chroot a c…
a3cf6f6 
…hild process

This adds a `chroot` method to the `CommandExt` extension trait for the
`Command` builder, to set a directory to chroot into. This will chroot
the child process into that directory right before calling chdir for the
`Command`'s working directory.

To avoid allowing a process to have a working directory outside of the
chroot, if the `Command` does not yet have a working directory set,
`chroot` will set its working directory to "/".
@joshtriplett
CommandExt::chroot: Document difference to underlying chroot
c3b750c
@joshtriplett
CommandExt::chroot: Add tracking issue
17fdf19
Amanieu
Amanieu reviewed May 20, 2025
View reviewed changes
@Amanieu
Copy link
Member

Amanieu commented May 20, 2025

@bors r+

@bors
Copy link
Collaborator

bors commented May 20, 2025

📌 Commit 33d3376 has been approved by Amanieu

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 20, 2025
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@joshtriplett
Copy link
Member Author

Sigh. This is the kind of thing that makes me hesitate to try to use links in doc comments.

bors added a commit to rust-lang-ci/rust that referenced this pull request May 21, 2025
@bors
Auto merge of rust-lang#137759 - joshtriplett:command-chroot, r=Amanieu
0424534 
Add `std::os::unix::process::CommandExt::chroot` to safely chroot a child process

This adds a `chroot` method to the `CommandExt` extension trait for the
`Command` builder, to set a directory to chroot into. This will chroot
the child process into that directory right before calling chdir for the
`Command`'s working directory.

To avoid allowing a process to have a working directory outside of the
chroot, if the `Command` does not yet have a working directory set,
`chroot` will set its working directory to "/".

---

ACP: rust-lang/libs-team#551

This PR currently has the tracking issue set to "none"; if the ACP is approved,
I'll file a tracking issue and update the PR.
@bors
Copy link
Collaborator

bors commented May 21, 2025

⌛ Testing commit 33d3376 with merge 0424534...

@joshtriplett
Copy link
Member Author

@bors r-

@bors bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels May 21, 2025
@joshtriplett @Amanieu
Apply suggestions from code review
348c1b0 
Link `Command::current_dir`.

Co-authored-by: Amanieu d'Antras <[email protected]>
@rust-log-analyzer
Copy link
Collaborator

The job mingw-check failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot) 
 Documenting std v0.0.0 (/checkout/library/std)
error: unresolved link to `Command::current_dir`
   --> library/std/src/os/unix/process.rs:205:72
    |
205 |     /// This happens before changing to the directory specified with [`Command::current_dir`], and
    |                                                                        ^^^^^^^^^^^^^^^^^^^^ no item named `Command` in scope
    |
    = note: `-D rustdoc::broken-intra-doc-links` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(rustdoc::broken_intra_doc_links)]`

error: unresolved link to `Command::current_dir`
   --> library/std/src/os/unix/process.rs:208:51
    |
208 |     /// If no directory has been specified with [`Command::current_dir`], this will set the directory
    |                                                   ^^^^^^^^^^^^^^^^^^^^ no item named `Command` in scope

error: could not document `std`
warning: build failed, waiting for other jobs to finish...
[RUSTC-TIMING] std test:false 3.146
Command has failed. Rerun with -v to see more details.
Build completed unsuccessfully in 0:00:23
  local time: Wed May 21 05:48:59 UTC 2025
  network time: Wed, 21 May 2025 05:48:59 GMT
##[error]Process completed with exit code 1.
Post job cleanup.

@joshtriplett
Copy link
Member Author

@bors r=Amanieu

@bors
Copy link
Collaborator

bors commented May 21, 2025

📌 Commit 348c1b0 has been approved by Amanieu

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 21, 2025
@joshtriplett
Copy link
Member Author

@bors rollup

@matthiaskrgr matthiaskrgr mentioned this pull request May 21, 2025
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request May 21, 2025
@bors
Auto merge of rust-lang#141331 - matthiaskrgr:rollup-k0loxj6, r=matth…
c43786c 
…iaskrgr

Rollup of 7 pull requests

Successful merges:

 - rust-lang#137759 (Add `std::os::unix::process::CommandExt::chroot` to safely chroot a child process)
 - rust-lang#140994 (replace `cc_detect::cc2ar` with `cc::try_get_archiver`)
 - rust-lang#141213 (Suggest use "{}", self.x instead of {self.x} when resolve x as field of `self`)
 - rust-lang#141283 (Allow `x perf` to find rustc.exe on Windows)
 - rust-lang#141284 (Allow trailing comma after argument in query definition)
 - rust-lang#141317 (typeck: catch `continue`s pointing to blocks)
 - rust-lang#141318 (Avoid creating an empty identifer in `Symbol::to_ident_string`.)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit 7b4f7a3 into rust-lang:master May 21, 2025
6 checks passed
@rustbot rustbot added this to the 1.89.0 milestone May 21, 2025
rust-timer added a commit to rust-lang-ci/rust that referenced this pull request May 21, 2025
@rust-timer
Unrolled build for rust-lang#137759
3a0bcde 
Rollup merge of rust-lang#137759 - joshtriplett:command-chroot, r=Amanieu

Add `std::os::unix::process::CommandExt::chroot` to safely chroot a child process

This adds a `chroot` method to the `CommandExt` extension trait for the
`Command` builder, to set a directory to chroot into. This will chroot
the child process into that directory right before calling chdir for the
`Command`'s working directory.

To avoid allowing a process to have a working directory outside of the
chroot, if the `Command` does not yet have a working directory set,
`chroot` will set its working directory to "/".

---

ACP: rust-lang/libs-team#551

This PR currently has the tracking issue set to "none"; if the ACP is approved,
I'll file a tracking issue and update the PR.
github-actions bot pushed a commit to model-checking/verify-rust-std that referenced this pull request May 23, 2025
@matthiaskrgr
Rollup merge of rust-lang#137759 - joshtriplett:command-chroot, r=Ama…
02d9329 
…nieu

Add `std::os::unix::process::CommandExt::chroot` to safely chroot a child process

This adds a `chroot` method to the `CommandExt` extension trait for the
`Command` builder, to set a directory to chroot into. This will chroot
the child process into that directory right before calling chdir for the
`Command`'s working directory.

To avoid allowing a process to have a working directory outside of the
chroot, if the `Command` does not yet have a working directory set,
`chroot` will set its working directory to "/".

---

ACP: rust-lang/libs-team#551

This PR currently has the tracking issue set to "none"; if the ACP is approved,
I'll file a tracking issue and update the PR.
@joshtriplett joshtriplett deleted the command-chroot branch June 6, 2025 02:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amanieu Amanieu Amanieu left review comments

+1 more reviewer

@tbu- tbu- tbu- left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@workingjubilee workingjubilee

Labels
O-unix Operating system: Unix-like S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-libs-api Relevant to the library API team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.89.0
Development

Successfully merging this pull request may close these issues.
7 participants
@joshtriplett @rustbot @bors @Amanieu @rust-log-analyzer @tbu- @workingjubilee