1 // Tests for the process descriptor API for Linux.
2 #include <sys/types.h>
3 #include <sys/resource.h>
4 #include <sys/select.h>
5 #include <sys/socket.h>
6 #include <sys/stat.h>
7 #include <sys/time.h>
8 #include <sys/wait.h>
9 #include <fcntl.h>
10 #include <poll.h>
11 #include <pthread.h>
12 #include <signal.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15
16 #include <iomanip>
17 #include <map>
18
19 #include "capsicum.h"
20 #include "syscalls.h"
21 #include "capsicum-test.h"
22
23 #ifndef __WALL
24 // Linux requires __WALL in order for waitpid(specific_pid,...) to
25 // see and reap any specific pid. Define this to nothing for platforms
26 // (FreeBSD) where it doesn't exist, to reduce macroing.
27 #define __WALL 0
28 #endif
29
30 //------------------------------------------------
31 // Utilities for the tests.
32
pdwait4_(int pd,int * status,int options,struct rusage * ru)33 static pid_t pdwait4_(int pd, int *status, int options, struct rusage *ru) {
34 #ifdef HAVE_PDWAIT4
35 return pdwait4(pd, status, options, ru);
36 #else
37 // Simulate pdwait4() with wait4(pdgetpid()); this won't work in capability mode.
38 pid_t pid = -1;
39 int rc = pdgetpid(pd, &pid);
40 if (rc < 0) {
41 return rc;
42 }
43 options |= __WALL;
44 return wait4(pid, status, options, ru);
45 #endif
46 }
47
print_rusage(FILE * f,struct rusage * ru)48 static void print_rusage(FILE *f, struct rusage *ru) {
49 fprintf(f, " User CPU time=%ld.%06ld\n", (long)ru->ru_utime.tv_sec, (long)ru->ru_utime.tv_usec);
50 fprintf(f, " System CPU time=%ld.%06ld\n", (long)ru->ru_stime.tv_sec, (long)ru->ru_stime.tv_usec);
51 fprintf(f, " Max RSS=%ld\n", ru->ru_maxrss);
52 }
53
print_stat(FILE * f,const struct stat * stat)54 static void print_stat(FILE *f, const struct stat *stat) {
55 fprintf(f,
56 "{ .st_dev=%ld, st_ino=%ld, st_mode=%04o, st_nlink=%ld, st_uid=%d, st_gid=%d,\n"
57 " .st_rdev=%ld, .st_size=%ld, st_blksize=%ld, .st_block=%ld,\n "
58 #ifdef HAVE_STAT_BIRTHTIME
59 ".st_birthtime=%ld, "
60 #endif
61 ".st_atime=%ld, .st_mtime=%ld, .st_ctime=%ld}\n",
62 (long)stat->st_dev, (long)stat->st_ino, stat->st_mode,
63 (long)stat->st_nlink, stat->st_uid, stat->st_gid,
64 (long)stat->st_rdev, (long)stat->st_size, (long)stat->st_blksize,
65 (long)stat->st_blocks,
66 #ifdef HAVE_STAT_BIRTHTIME
67 (long)stat->st_birthtime,
68 #endif
69 (long)stat->st_atime, (long)stat->st_mtime, (long)stat->st_ctime);
70 }
71
72 static volatile sig_atomic_t had_signal[NSIG];
clear_had_signals()73 void clear_had_signals() {
74 memset(const_cast<sig_atomic_t *>(had_signal), 0, sizeof(had_signal));
75 }
handle_signal(int x)76 static void handle_signal(int x) {
77 had_signal[x] = true;
78 }
79
80 // Check that the given child process terminates as expected.
CheckChildFinished(pid_t pid,bool signaled=false)81 void CheckChildFinished(pid_t pid, bool signaled=false) {
82 // Wait for the child to finish.
83 int rc;
84 int status = 0;
85 do {
86 rc = waitpid(pid, &status, __WALL);
87 if (rc < 0) {
88 fprintf(stderr, "Warning: waitpid error %s (%d)\n", strerror(errno), errno);
89 ADD_FAILURE() << "Failed to wait for child";
90 break;
91 } else if (rc == pid) {
92 break;
93 }
94 } while (true);
95 EXPECT_EQ(pid, rc);
96 if (rc == pid) {
97 if (signaled) {
98 EXPECT_TRUE(WIFSIGNALED(status));
99 } else {
100 EXPECT_TRUE(WIFEXITED(status)) << std::hex << status;
101 EXPECT_EQ(0, WEXITSTATUS(status));
102 }
103 }
104 }
105
106 //------------------------------------------------
107 // Basic tests of process descriptor functionality
108
TEST(Pdfork,Simple)109 TEST(Pdfork, Simple) {
110 int pd = -1;
111 int pipefds[2];
112 pid_t parent = getpid_();
113 EXPECT_OK(pipe(pipefds));
114 int pid = pdfork(&pd, 0);
115 EXPECT_OK(pid);
116 if (pid == 0) {
117 // Child: check pid values.
118 EXPECT_EQ(-1, pd);
119 EXPECT_NE(parent, getpid_());
120 EXPECT_EQ(parent, getppid());
121 close(pipefds[0]);
122 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
123 if (verbose) fprintf(stderr, "Child waiting for exit message\n");
124 // Terminate once the parent has completed the checks
125 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
126 exit(testing::Test::HasFailure());
127 }
128 close(pipefds[1]);
129 // Ensure the child has started.
130 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
131
132 EXPECT_NE(-1, pd);
133 EXPECT_PID_ALIVE(pid);
134 int pid_got;
135 EXPECT_OK(pdgetpid(pd, &pid_got));
136 EXPECT_EQ(pid, pid_got);
137
138 // Tell the child to exit and wait until it is a zombie.
139 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
140 // EXPECT_PID_ZOMBIE waits for up to ~500ms, that should be enough time for
141 // the child to exit successfully.
142 EXPECT_PID_ZOMBIE(pid);
143 close(pipefds[0]);
144
145 // Wait for the the child.
146 int status;
147 struct rusage ru;
148 memset(&ru, 0, sizeof(ru));
149 int waitrc = pdwait4_(pd, &status, 0, &ru);
150 EXPECT_EQ(pid, waitrc);
151 if (verbose) {
152 fprintf(stderr, "For pd %d pid %d:\n", pd, pid);
153 print_rusage(stderr, &ru);
154 }
155 EXPECT_PID_GONE(pid);
156
157 // Can only pdwait4(pd) once (as initial call reaps zombie).
158 memset(&ru, 0, sizeof(ru));
159 EXPECT_EQ(-1, pdwait4_(pd, &status, 0, &ru));
160 EXPECT_EQ(ECHILD, errno);
161
162 EXPECT_OK(close(pd));
163 }
164
TEST(Pdfork,InvalidFlag)165 TEST(Pdfork, InvalidFlag) {
166 int pd = -1;
167 int pid = pdfork(&pd, PD_DAEMON<<5);
168 if (pid == 0) {
169 exit(1);
170 }
171 EXPECT_EQ(-1, pid);
172 EXPECT_EQ(EINVAL, errno);
173 if (pid > 0) waitpid(pid, NULL, __WALL);
174 }
175
TEST(Pdfork,TimeCheck)176 TEST(Pdfork, TimeCheck) {
177 time_t now = time(NULL); // seconds since epoch
178 EXPECT_NE(-1, now);
179 if (verbose) fprintf(stderr, "Calling pdfork around %ld\n", (long)(long)now);
180
181 int pd = -1;
182 pid_t pid = pdfork(&pd, 0);
183 EXPECT_OK(pid);
184 if (pid == 0) {
185 // Child: check we didn't get a valid process descriptor then exit.
186 EXPECT_EQ(-1, pdgetpid(pd, &pid));
187 EXPECT_EQ(EBADF, errno);
188 exit(HasFailure());
189 }
190
191 #ifdef HAVE_PROCDESC_FSTAT
192 // Parent process. Ensure that [acm]times have been set correctly.
193 struct stat stat;
194 memset(&stat, 0, sizeof(stat));
195 EXPECT_OK(fstat(pd, &stat));
196 if (verbose) print_stat(stderr, &stat);
197
198 #ifdef HAVE_STAT_BIRTHTIME
199 EXPECT_GE(now, stat.st_birthtime);
200 EXPECT_EQ(stat.st_birthtime, stat.st_atime);
201 #endif
202 EXPECT_LT((now - stat.st_atime), 2);
203 EXPECT_EQ(stat.st_atime, stat.st_ctime);
204 EXPECT_EQ(stat.st_ctime, stat.st_mtime);
205 #endif
206
207 // Wait for the child to finish.
208 pid_t pd_pid = -1;
209 EXPECT_OK(pdgetpid(pd, &pd_pid));
210 EXPECT_EQ(pid, pd_pid);
211 CheckChildFinished(pid);
212 }
213
TEST(Pdfork,UseDescriptor)214 TEST(Pdfork, UseDescriptor) {
215 int pd = -1;
216 pid_t pid = pdfork(&pd, 0);
217 EXPECT_OK(pid);
218 if (pid == 0) {
219 // Child: immediately exit
220 exit(0);
221 }
222 CheckChildFinished(pid);
223 }
224
TEST(Pdfork,NonProcessDescriptor)225 TEST(Pdfork, NonProcessDescriptor) {
226 int fd = open("/etc/passwd", O_RDONLY);
227 EXPECT_OK(fd);
228 // pd*() operations should fail on a non-process descriptor.
229 EXPECT_EQ(-1, pdkill(fd, SIGUSR1));
230 int status;
231 EXPECT_EQ(-1, pdwait4_(fd, &status, 0, NULL));
232 pid_t pid;
233 EXPECT_EQ(-1, pdgetpid(fd, &pid));
234 close(fd);
235 }
236
SubThreadMain(void * arg)237 static void *SubThreadMain(void *arg) {
238 // Notify the main thread that we have started
239 if (verbose) fprintf(stderr, " subthread started: pipe=%p\n", arg);
240 SEND_INT_MESSAGE((int)(intptr_t)arg, MSG_CHILD_STARTED);
241 while (true) {
242 if (verbose) fprintf(stderr, " subthread: \"I aten't dead\"\n");
243 usleep(100000);
244 }
245 return NULL;
246 }
247
ThreadMain(void *)248 static void *ThreadMain(void *) {
249 int pd;
250 int pipefds[2];
251 EXPECT_EQ(0, pipe(pipefds));
252 pid_t child = pdfork(&pd, 0);
253 if (child == 0) {
254 close(pipefds[0]);
255 // Child: start a subthread then loop.
256 pthread_t child_subthread;
257 // Wait for the subthread startup using another pipe.
258 int thread_pipefds[2];
259 EXPECT_EQ(0, pipe(thread_pipefds));
260 EXPECT_OK(pthread_create(&child_subthread, NULL, SubThreadMain,
261 (void *)(intptr_t)thread_pipefds[0]));
262 if (verbose) {
263 fprintf(stderr, " pdforked process %d: waiting for subthread.\n",
264 getpid());
265 }
266 AWAIT_INT_MESSAGE(thread_pipefds[1], MSG_CHILD_STARTED);
267 close(thread_pipefds[0]);
268 close(thread_pipefds[1]);
269 // Child: Notify parent that all threads have started
270 if (verbose) fprintf(stderr, " pdforked process %d: subthread started\n", getpid());
271 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
272 while (true) {
273 if (verbose) fprintf(stderr, " pdforked process %d: \"I aten't dead\"\n", getpid());
274 usleep(100000);
275 }
276 exit(0);
277 }
278 if (verbose) fprintf(stderr, " thread generated pd %d\n", pd);
279 close(pipefds[1]);
280 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
281 if (verbose) fprintf(stderr, "[%d] got child startup message\n", getpid_());
282
283 // Pass the process descriptor back to the main thread.
284 return reinterpret_cast<void *>(pd);
285 }
286
TEST(Pdfork,FromThread)287 TEST(Pdfork, FromThread) {
288 // Fire off a new thread to do all of the creation work.
289 pthread_t child_thread;
290 EXPECT_OK(pthread_create(&child_thread, NULL, ThreadMain, NULL));
291 void *data;
292 EXPECT_OK(pthread_join(child_thread, &data));
293 int pd = reinterpret_cast<intptr_t>(data);
294 if (verbose) fprintf(stderr, "retrieved pd %d from terminated thread\n", pd);
295
296 // Kill and reap.
297 pid_t pid;
298 EXPECT_OK(pdgetpid(pd, &pid));
299 EXPECT_OK(pdkill(pd, SIGKILL));
300 int status;
301 EXPECT_EQ(pid, pdwait4_(pd, &status, 0, NULL));
302 EXPECT_TRUE(WIFSIGNALED(status));
303 }
304
305 //------------------------------------------------
306 // More complicated tests.
307
308
309 // Test fixture that pdfork()s off a child process, which terminates
310 // when it receives anything on a pipe.
311 class PipePdforkBase : public ::testing::Test {
312 public:
PipePdforkBase(int pdfork_flags)313 PipePdforkBase(int pdfork_flags) : pd_(-1), pid_(-1) {
314 clear_had_signals();
315 int pipes[2];
316 EXPECT_OK(pipe(pipes));
317 pipe_ = pipes[1];
318 int parent = getpid_();
319 if (verbose) fprintf(stderr, "[%d] about to pdfork()\n", getpid_());
320 int rc = pdfork(&pd_, pdfork_flags);
321 EXPECT_OK(rc);
322 if (rc == 0) {
323 // Child process: blocking-read an int from the pipe then exit with that value.
324 EXPECT_NE(parent, getpid_());
325 EXPECT_EQ(parent, getppid());
326 if (verbose) fprintf(stderr, " [%d] child of %d waiting for value on pipe\n", getpid_(), getppid());
327 read(pipes[0], &rc, sizeof(rc));
328 if (verbose) fprintf(stderr, " [%d] got value %d on pipe, exiting\n", getpid_(), rc);
329 exit(rc);
330 }
331 pid_ = rc;
332 usleep(100); // ensure the child has a chance to run
333 }
~PipePdforkBase()334 ~PipePdforkBase() {
335 // Terminate by any means necessary.
336 if (pd_ > 0) {
337 pdkill(pd_, SIGKILL);
338 close(pd_);
339 }
340 if (pid_ > 0) {
341 kill(pid_, SIGKILL);
342 waitpid(pid_, NULL, __WALL|WNOHANG);
343 }
344 // Check signal expectations.
345 EXPECT_FALSE(had_signal[SIGCHLD]);
346 }
TerminateChild()347 int TerminateChild() {
348 // Tell the child to exit.
349 int zero = 0;
350 if (verbose) fprintf(stderr, "[%d] write 0 to pipe\n", getpid_());
351 return write(pipe_, &zero, sizeof(zero));
352 }
353 protected:
354 int pd_;
355 int pipe_;
356 pid_t pid_;
357 };
358
359 class PipePdfork : public PipePdforkBase {
360 public:
PipePdfork()361 PipePdfork() : PipePdforkBase(0) {}
362 };
363
364 class PipePdforkDaemon : public PipePdforkBase {
365 public:
PipePdforkDaemon()366 PipePdforkDaemon() : PipePdforkBase(PD_DAEMON) {}
367 };
368
369 // Can we poll a process descriptor?
TEST_F(PipePdfork,Poll)370 TEST_F(PipePdfork, Poll) {
371 // Poll the process descriptor, nothing happening.
372 struct pollfd fdp;
373 fdp.fd = pd_;
374 fdp.events = POLLIN | POLLERR | POLLHUP;
375 fdp.revents = 0;
376 EXPECT_EQ(0, poll(&fdp, 1, 0));
377
378 TerminateChild();
379
380 // Poll again, should have activity on the process descriptor.
381 EXPECT_EQ(1, poll(&fdp, 1, 2000));
382 EXPECT_TRUE(fdp.revents & POLLHUP);
383
384 // Poll a third time, still have POLLHUP.
385 fdp.revents = 0;
386 EXPECT_EQ(1, poll(&fdp, 1, 0));
387 EXPECT_TRUE(fdp.revents & POLLHUP);
388 }
389
390 // Can multiple processes poll on the same descriptor?
TEST_F(PipePdfork,PollMultiple)391 TEST_F(PipePdfork, PollMultiple) {
392 int pipefds[2];
393 EXPECT_EQ(0, pipe(pipefds));
394 int child = fork();
395 EXPECT_OK(child);
396 if (child == 0) {
397 close(pipefds[0]);
398 // Child: wait for parent to acknowledge startup
399 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
400 // Child: wait for two messages from the parent and the forked process
401 // before telling the other process to terminate.
402 if (verbose) fprintf(stderr, "[%d] waiting for read 1\n", getpid_());
403 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
404 if (verbose) fprintf(stderr, "[%d] waiting for read 2\n", getpid_());
405 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
406 TerminateChild();
407 if (verbose) fprintf(stderr, "[%d] about to exit\n", getpid_());
408 exit(testing::Test::HasFailure());
409 }
410 close(pipefds[1]);
411 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
412 if (verbose) fprintf(stderr, "[%d] got child startup message\n", getpid_());
413 // Fork again
414 int doppel = fork();
415 EXPECT_OK(doppel);
416 // We now have:
417 // pid A: main process, here
418 // |--pid B: pdfork()ed process, blocked on read()
419 // |--pid C: fork()ed process, in read() above
420 // +--pid D: doppel process, here
421
422 // Both A and D execute the following code.
423 // First, check no activity on the process descriptor yet.
424 struct pollfd fdp;
425 fdp.fd = pd_;
426 fdp.events = POLLIN | POLLERR | POLLHUP;
427 fdp.revents = 0;
428 EXPECT_EQ(0, poll(&fdp, 1, 0));
429
430 // Both A and D ask C to exit, allowing it to do so.
431 if (verbose) fprintf(stderr, "[%d] telling child to exit\n", getpid_());
432 SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
433 close(pipefds[0]);
434
435 // Now, wait (indefinitely) for activity on the process descriptor.
436 // We expect:
437 // - pid C will finish its two read() calls, write to the pipe and exit.
438 // - pid B will unblock from read(), and exit
439 // - this will generate an event on the process descriptor...
440 // - ...in both process A and process D.
441 if (verbose) fprintf(stderr, "[%d] waiting for child to exit\n", getpid_());
442 EXPECT_EQ(1, poll(&fdp, 1, 2000));
443 EXPECT_TRUE(fdp.revents & POLLHUP);
444
445 if (doppel == 0) {
446 // Child: process D exits.
447 exit(0);
448 } else {
449 // Parent: wait on process D.
450 int rc = 0;
451 waitpid(doppel, &rc, __WALL);
452 EXPECT_TRUE(WIFEXITED(rc));
453 EXPECT_EQ(0, WEXITSTATUS(rc));
454 // Also wait on process B.
455 CheckChildFinished(child);
456 }
457 }
458
459 // Check that exit status/rusage for a dead pdfork()ed child can be retrieved
460 // via any process descriptor, multiple times.
TEST_F(PipePdfork,MultipleRetrieveExitStatus)461 TEST_F(PipePdfork, MultipleRetrieveExitStatus) {
462 EXPECT_PID_ALIVE(pid_);
463 int pd_copy = dup(pd_);
464 EXPECT_LT(0, TerminateChild());
465
466 int status;
467 struct rusage ru;
468 memset(&ru, 0, sizeof(ru));
469 int waitrc = pdwait4_(pd_copy, &status, 0, &ru);
470 EXPECT_EQ(pid_, waitrc);
471 if (verbose) {
472 fprintf(stderr, "For pd %d -> pid %d:\n", pd_, pid_);
473 print_rusage(stderr, &ru);
474 }
475 EXPECT_PID_GONE(pid_);
476
477 #ifdef NOTYET
478 // Child has been reaped, so original process descriptor dangles but
479 // still has access to rusage information.
480 memset(&ru, 0, sizeof(ru));
481 EXPECT_EQ(0, pdwait4_(pd_, &status, 0, &ru));
482 #endif
483 close(pd_copy);
484 }
485
TEST_F(PipePdfork,ChildExit)486 TEST_F(PipePdfork, ChildExit) {
487 EXPECT_PID_ALIVE(pid_);
488 EXPECT_LT(0, TerminateChild());
489 EXPECT_PID_DEAD(pid_);
490
491 int status;
492 int rc = pdwait4_(pd_, &status, 0, NULL);
493 EXPECT_OK(rc);
494 EXPECT_EQ(pid_, rc);
495 pid_ = 0;
496 }
497
498 #ifdef HAVE_PROC_FDINFO
TEST_F(PipePdfork,FdInfo)499 TEST_F(PipePdfork, FdInfo) {
500 char buffer[1024];
501 sprintf(buffer, "/proc/%d/fdinfo/%d", getpid_(), pd_);
502 int procfd = open(buffer, O_RDONLY);
503 EXPECT_OK(procfd);
504
505 EXPECT_OK(read(procfd, buffer, sizeof(buffer)));
506 // The fdinfo should include the file pos of the underlying file
507 EXPECT_NE((char*)NULL, strstr(buffer, "pos:\t0")) << buffer;
508 // ...and the underlying pid
509 char pidline[256];
510 sprintf(pidline, "pid:\t%d", pid_);
511 EXPECT_NE((char*)NULL, strstr(buffer, pidline)) << buffer;
512 close(procfd);
513 }
514 #endif
515
516 // Closing a normal process descriptor terminates the underlying process.
TEST_F(PipePdfork,Close)517 TEST_F(PipePdfork, Close) {
518 sighandler_t original = signal(SIGCHLD, handle_signal);
519 EXPECT_PID_ALIVE(pid_);
520 int status;
521 EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
522
523 EXPECT_OK(close(pd_));
524 pd_ = -1;
525 EXPECT_FALSE(had_signal[SIGCHLD]);
526 EXPECT_PID_DEAD(pid_);
527
528 #ifdef __FreeBSD__
529 EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
530 EXPECT_EQ(errno, ECHILD);
531 #else
532 // Having closed the process descriptor means that pdwait4(pd) now doesn't work.
533 int rc = pdwait4_(pd_, &status, 0, NULL);
534 EXPECT_EQ(-1, rc);
535 EXPECT_EQ(EBADF, errno);
536
537 // Closing all process descriptors means the the child can only be reaped via pid.
538 EXPECT_EQ(pid_, waitpid(pid_, &status, __WALL|WNOHANG));
539 #endif
540 signal(SIGCHLD, original);
541 }
542
TEST_F(PipePdfork,CloseLast)543 TEST_F(PipePdfork, CloseLast) {
544 sighandler_t original = signal(SIGCHLD, handle_signal);
545 // Child should only die when last process descriptor is closed.
546 EXPECT_PID_ALIVE(pid_);
547 int pd_other = dup(pd_);
548
549 EXPECT_OK(close(pd_));
550 pd_ = -1;
551
552 EXPECT_PID_ALIVE(pid_);
553 int status;
554 EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
555
556 // Can no longer pdwait4() the closed process descriptor...
557 EXPECT_EQ(-1, pdwait4_(pd_, &status, WNOHANG, NULL));
558 EXPECT_EQ(EBADF, errno);
559 // ...but can pdwait4() the still-open process descriptor.
560 errno = 0;
561 EXPECT_EQ(0, pdwait4_(pd_other, &status, WNOHANG, NULL));
562 EXPECT_EQ(0, errno);
563
564 EXPECT_OK(close(pd_other));
565 EXPECT_PID_DEAD(pid_);
566
567 EXPECT_FALSE(had_signal[SIGCHLD]);
568 signal(SIGCHLD, original);
569 }
570
FORK_TEST(Pdfork,OtherUserIfRoot)571 FORK_TEST(Pdfork, OtherUserIfRoot) {
572 GTEST_SKIP_IF_NOT_ROOT();
573 int pd;
574 int status;
575 pid_t pid = pdfork(&pd, 0);
576 EXPECT_OK(pid);
577 if (pid == 0) {
578 // Child process: loop forever.
579 while (true) usleep(100000);
580 }
581 usleep(100);
582
583 // Now that the second process has been pdfork()ed, change euid.
584 ASSERT_NE(0u, other_uid) << "other_uid not initialized correctly, "
585 "please pass the -u <uid> flag.";
586 EXPECT_EQ(0, setuid(other_uid));
587 EXPECT_EQ(other_uid, getuid());
588 if (verbose) fprintf(stderr, "uid=%d euid=%d\n", getuid(), geteuid());
589
590 // Fail to kill child with normal PID operation.
591 EXPECT_EQ(-1, kill(pid, SIGKILL));
592 EXPECT_EQ(EPERM, errno);
593 EXPECT_PID_ALIVE(pid);
594
595 // Ideally, we should be able to send signals via a process descriptor even
596 // if it's owned by another user, but this is not implementated on FreeBSD.
597 #ifdef __FreeBSD__
598 // On FreeBSD, pdkill() still performs all the same checks that kill() does
599 // and therefore cannot be used to send a signal to a process with another
600 // UID unless we are root.
601 EXPECT_SYSCALL_FAIL(EBADF, pdkill(pid, SIGKILL));
602 EXPECT_PID_ALIVE(pid);
603 // However, the process will be killed when we close the process descriptor.
604 EXPECT_OK(close(pd));
605 EXPECT_PID_GONE(pid);
606 // Can't pdwait4() after close() since close() reparents the child to a reaper (init)
607 EXPECT_SYSCALL_FAIL(EBADF, pdwait4_(pd, &status, WNOHANG, NULL));
608 #else
609 // Sending a signal with pdkill() should be permitted though.
610 EXPECT_OK(pdkill(pd, SIGKILL));
611 EXPECT_PID_ZOMBIE(pid);
612
613 int rc = pdwait4_(pd, &status, WNOHANG, NULL);
614 EXPECT_OK(rc);
615 EXPECT_EQ(pid, rc);
616 EXPECT_TRUE(WIFSIGNALED(status));
617 #endif
618 }
619
TEST_F(PipePdfork,WaitPidThenPd)620 TEST_F(PipePdfork, WaitPidThenPd) {
621 TerminateChild();
622 int status;
623 // If we waitpid(pid) first...
624 int rc = waitpid(pid_, &status, __WALL);
625 EXPECT_OK(rc);
626 EXPECT_EQ(pid_, rc);
627
628 #ifdef NOTYET
629 // ...the zombie is reaped but we can still subsequently pdwait4(pd).
630 EXPECT_EQ(0, pdwait4_(pd_, &status, 0, NULL));
631 #endif
632 }
633
TEST_F(PipePdfork,WaitPdThenPid)634 TEST_F(PipePdfork, WaitPdThenPid) {
635 TerminateChild();
636 int status;
637 // If we pdwait4(pd) first...
638 int rc = pdwait4_(pd_, &status, 0, NULL);
639 EXPECT_OK(rc);
640 EXPECT_EQ(pid_, rc);
641
642 // ...the zombie is reaped and cannot subsequently waitpid(pid).
643 EXPECT_EQ(-1, waitpid(pid_, &status, __WALL));
644 EXPECT_EQ(ECHILD, errno);
645 }
646
647 // Setting PD_DAEMON prevents close() from killing the child.
TEST_F(PipePdforkDaemon,Close)648 TEST_F(PipePdforkDaemon, Close) {
649 EXPECT_OK(close(pd_));
650 pd_ = -1;
651 EXPECT_PID_ALIVE(pid_);
652
653 // Can still explicitly kill it via the pid.
654 if (pid_ > 0) {
655 EXPECT_OK(kill(pid_, SIGKILL));
656 EXPECT_PID_DEAD(pid_);
657 }
658 }
659
TestPdkill(pid_t pid,int pd)660 static void TestPdkill(pid_t pid, int pd) {
661 EXPECT_PID_ALIVE(pid);
662 // SIGCONT is ignored by default.
663 EXPECT_OK(pdkill(pd, SIGCONT));
664 EXPECT_PID_ALIVE(pid);
665
666 // SIGINT isn't
667 EXPECT_OK(pdkill(pd, SIGINT));
668 EXPECT_PID_DEAD(pid);
669
670 // pdkill() on zombie is no-op.
671 errno = 0;
672 EXPECT_EQ(0, pdkill(pd, SIGINT));
673 EXPECT_EQ(0, errno);
674
675 // pdkill() on reaped process gives -ESRCH.
676 CheckChildFinished(pid, true);
677 EXPECT_EQ(-1, pdkill(pd, SIGINT));
678 EXPECT_EQ(ESRCH, errno);
679 }
680
TEST_F(PipePdfork,Pdkill)681 TEST_F(PipePdfork, Pdkill) {
682 TestPdkill(pid_, pd_);
683 }
684
TEST_F(PipePdforkDaemon,Pdkill)685 TEST_F(PipePdforkDaemon, Pdkill) {
686 TestPdkill(pid_, pd_);
687 }
688
TEST(Pdfork,PdkillOtherSignal)689 TEST(Pdfork, PdkillOtherSignal) {
690 int pd = -1;
691 int pipefds[2];
692 EXPECT_EQ(0, pipe(pipefds));
693 int pid = pdfork(&pd, 0);
694 EXPECT_OK(pid);
695 if (pid == 0) {
696 // Child: tell the parent that we have started before entering the loop,
697 // and importantly only do so once we have registered the SIGUSR1 handler.
698 close(pipefds[0]);
699 clear_had_signals();
700 signal(SIGUSR1, handle_signal);
701 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
702 // Child: watch for SIGUSR1 forever.
703 while (!had_signal[SIGUSR1]) {
704 usleep(100000);
705 }
706 exit(123);
707 }
708 // Wait for child to start
709 close(pipefds[1]);
710 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
711 close(pipefds[0]);
712
713 // Send an invalid signal.
714 EXPECT_EQ(-1, pdkill(pd, 0xFFFF));
715 EXPECT_EQ(EINVAL, errno);
716
717 // Send an expected SIGUSR1 to the pdfork()ed child.
718 EXPECT_PID_ALIVE(pid);
719 pdkill(pd, SIGUSR1);
720 EXPECT_PID_DEAD(pid);
721
722 // Child's exit status confirms whether it received the signal.
723 int status;
724 int rc = waitpid(pid, &status, __WALL);
725 EXPECT_OK(rc);
726 EXPECT_EQ(pid, rc);
727 EXPECT_TRUE(WIFEXITED(status)) << "status: 0x" << std::hex << status;
728 EXPECT_EQ(123, WEXITSTATUS(status));
729 }
730
PdforkParentDeath(int pdfork_flags)731 pid_t PdforkParentDeath(int pdfork_flags) {
732 // Set up:
733 // pid A: main process, here
734 // +--pid B: fork()ed process, starts a child process with pdfork() then
735 // waits for parent to send a shutdown message.
736 // +--pid C: pdfork()ed process, looping forever
737 int sock_fds[2];
738 EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
739 if (verbose) fprintf(stderr, "[%d] parent about to fork()...\n", getpid_());
740 pid_t child = fork();
741 EXPECT_OK(child);
742 if (child == 0) {
743 int pd;
744 if (verbose) fprintf(stderr, " [%d] child about to pdfork()...\n", getpid_());
745 int pipefds[2]; // for startup notification
746 EXPECT_OK(pipe(pipefds));
747 pid_t grandchild = pdfork(&pd, pdfork_flags);
748 if (grandchild == 0) {
749 close(pipefds[0]);
750 pid_t grandchildPid = getpid_();
751 EXPECT_EQ(sizeof(grandchildPid), (size_t)write(pipefds[1], &grandchildPid, sizeof(grandchildPid)));
752 while (true) {
753 if (verbose) fprintf(stderr, " [%d] grandchild: \"I aten't dead\"\n", grandchildPid);
754 sleep(1);
755 }
756 }
757 close(pipefds[1]);
758 if (verbose) fprintf(stderr, " [%d] pdfork()ed grandchild %d, sending ID to parent\n", getpid_(), grandchild);
759 // Wait for grandchild to start.
760 pid_t grandchild2;
761 EXPECT_EQ(sizeof(grandchild2), (size_t)read(pipefds[0], &grandchild2, sizeof(grandchild2)));
762 EXPECT_EQ(grandchild, grandchild2) << "received invalid grandchild pid";
763 if (verbose) fprintf(stderr, " [%d] grandchild %d has started successfully\n", getpid_(), grandchild);
764 close(pipefds[0]);
765
766 // Send grandchild pid to parent.
767 EXPECT_EQ(sizeof(grandchild), (size_t)write(sock_fds[1], &grandchild, sizeof(grandchild)));
768 if (verbose) fprintf(stderr, " [%d] sent grandchild pid %d to parent\n", getpid_(), grandchild);
769 // Wait for parent to acknowledge the message.
770 AWAIT_INT_MESSAGE(sock_fds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
771 if (verbose) fprintf(stderr, " [%d] parent acknowledged grandchild pid %d\n", getpid_(), grandchild);
772 if (verbose) fprintf(stderr, " [%d] child terminating\n", getpid_());
773 exit(testing::Test::HasFailure());
774 }
775 if (verbose) fprintf(stderr, "[%d] fork()ed child is %d\n", getpid_(), child);
776 pid_t grandchild;
777 read(sock_fds[0], &grandchild, sizeof(grandchild));
778 if (verbose) fprintf(stderr, "[%d] received grandchild id %d\n", getpid_(), grandchild);
779 EXPECT_PID_ALIVE(child);
780 EXPECT_PID_ALIVE(grandchild);
781 // Tell child to exit.
782 if (verbose) fprintf(stderr, "[%d] telling child %d to exit\n", getpid_(), child);
783 SEND_INT_MESSAGE(sock_fds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
784 // Child dies, closing its process descriptor for the grandchild.
785 EXPECT_PID_DEAD(child);
786 CheckChildFinished(child);
787 return grandchild;
788 }
789
TEST(Pdfork,Bagpuss)790 TEST(Pdfork, Bagpuss) {
791 // "And of course when Bagpuss goes to sleep, all his friends go to sleep too"
792 pid_t grandchild = PdforkParentDeath(0);
793 // By default: child death => closed process descriptor => grandchild death.
794 EXPECT_PID_DEAD(grandchild);
795 }
796
TEST(Pdfork,BagpussDaemon)797 TEST(Pdfork, BagpussDaemon) {
798 pid_t grandchild = PdforkParentDeath(PD_DAEMON);
799 // With PD_DAEMON: child death => closed process descriptor => no effect on grandchild.
800 EXPECT_PID_ALIVE(grandchild);
801 if (grandchild > 0) {
802 EXPECT_OK(kill(grandchild, SIGKILL));
803 }
804 }
805
806 // The exit of a pdfork()ed process should not generate SIGCHLD.
TEST_F(PipePdfork,NoSigchld)807 TEST_F(PipePdfork, NoSigchld) {
808 clear_had_signals();
809 sighandler_t original = signal(SIGCHLD, handle_signal);
810 TerminateChild();
811 int rc = 0;
812 // Can waitpid() for the specific pid of the pdfork()ed child.
813 EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
814 EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
815 EXPECT_FALSE(had_signal[SIGCHLD]);
816 signal(SIGCHLD, original);
817 }
818
819 // The exit of a pdfork()ed process whose process descriptors have
820 // all been closed should generate SIGCHLD. The child process needs
821 // PD_DAEMON to survive the closure of the process descriptors.
TEST_F(PipePdforkDaemon,NoPDSigchld)822 TEST_F(PipePdforkDaemon, NoPDSigchld) {
823 clear_had_signals();
824 sighandler_t original = signal(SIGCHLD, handle_signal);
825
826 EXPECT_OK(close(pd_));
827 TerminateChild();
828 #ifdef __FreeBSD__
829 EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
830 EXPECT_EQ(errno, ECHILD);
831 #else
832 int rc = 0;
833 // Can waitpid() for the specific pid of the pdfork()ed child.
834 EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
835 EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
836 #endif
837 EXPECT_FALSE(had_signal[SIGCHLD]);
838 signal(SIGCHLD, original);
839 }
840
841 #ifdef HAVE_PROCDESC_FSTAT
TEST_F(PipePdfork,ModeBits)842 TEST_F(PipePdfork, ModeBits) {
843 // Owner rwx bits indicate liveness of child
844 struct stat stat;
845 memset(&stat, 0, sizeof(stat));
846 EXPECT_OK(fstat(pd_, &stat));
847 if (verbose) print_stat(stderr, &stat);
848 EXPECT_EQ(S_IRWXU, (long)(stat.st_mode & S_IRWXU));
849
850 TerminateChild();
851 usleep(100000);
852
853 memset(&stat, 0, sizeof(stat));
854 EXPECT_OK(fstat(pd_, &stat));
855 if (verbose) print_stat(stderr, &stat);
856 EXPECT_EQ(0, (int)(stat.st_mode & S_IRWXU));
857 }
858 #endif
859
TEST_F(PipePdfork,WildcardWait)860 TEST_F(PipePdfork, WildcardWait) {
861 TerminateChild();
862 EXPECT_PID_ZOMBIE(pid_); // Ensure child is truly dead.
863
864 // Wildcard waitpid(-1) should not see the pdfork()ed child because
865 // there is still a process descriptor for it.
866 int rc;
867 EXPECT_EQ(-1, waitpid(-1, &rc, WNOHANG));
868 EXPECT_EQ(ECHILD, errno);
869
870 EXPECT_OK(close(pd_));
871 pd_ = -1;
872 }
873
FORK_TEST(Pdfork,Pdkill)874 FORK_TEST(Pdfork, Pdkill) {
875 clear_had_signals();
876 int pd;
877 int pipefds[2];
878 EXPECT_OK(pipe(pipefds));
879 pid_t pid = pdfork(&pd, 0);
880 EXPECT_OK(pid);
881
882 if (pid == 0) {
883 // Child: set a SIGINT handler, notify the parent and sleep.
884 close(pipefds[0]);
885 clear_had_signals();
886 signal(SIGINT, handle_signal);
887 if (verbose) fprintf(stderr, "[%d] child started\n", getpid_());
888 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
889 if (verbose) fprintf(stderr, "[%d] child about to sleep(10)\n", getpid_());
890 // Note: we could receive the SIGINT just before sleep(), so we use a loop
891 // with a short delay instead of one long sleep().
892 for (int i = 0; i < 50 && !had_signal[SIGINT]; i++) {
893 usleep(100000);
894 }
895 if (verbose) fprintf(stderr, "[%d] child slept, had[SIGINT]=%d\n",
896 getpid_(), (int)had_signal[SIGINT]);
897 // Return non-zero if we didn't see SIGINT.
898 exit(had_signal[SIGINT] ? 0 : 99);
899 }
900
901 // Parent: get child's PID.
902 pid_t pd_pid;
903 EXPECT_OK(pdgetpid(pd, &pd_pid));
904 EXPECT_EQ(pid, pd_pid);
905
906 // Interrupt the child once it's registered the SIGINT handler.
907 close(pipefds[1]);
908 if (verbose) fprintf(stderr, "[%d] waiting for child\n", getpid_());
909 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
910 EXPECT_OK(pdkill(pd, SIGINT));
911 if (verbose) fprintf(stderr, "[%d] sent SIGINT\n", getpid_());
912
913 // Make sure the child finished properly (caught signal then exited).
914 CheckChildFinished(pid);
915 }
916
FORK_TEST(Pdfork,PdkillSignal)917 FORK_TEST(Pdfork, PdkillSignal) {
918 int pd;
919 int pipefds[2];
920 EXPECT_OK(pipe(pipefds));
921 pid_t pid = pdfork(&pd, 0);
922 EXPECT_OK(pid);
923
924 if (pid == 0) {
925 close(pipefds[0]);
926 if (verbose) fprintf(stderr, "[%d] child started\n", getpid_());
927 SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
928 // Child: wait for shutdown message. No SIGINT handler. The message should
929 // never be received, since SIGINT should terminate the process.
930 if (verbose) fprintf(stderr, "[%d] child about to read()\n", getpid_());
931 AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
932 fprintf(stderr, "[%d] child read() returned unexpectedly\n", getpid_());
933 exit(99);
934 }
935 // Wait for child to start before signalling.
936 if (verbose) fprintf(stderr, "[%d] waiting for child\n", getpid_());
937 close(pipefds[1]);
938 AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
939 // Kill the child (as it doesn't handle SIGINT).
940 if (verbose) fprintf(stderr, "[%d] sending SIGINT\n", getpid_());
941 EXPECT_OK(pdkill(pd, SIGINT));
942
943 // Make sure the child finished properly (terminated by signal).
944 CheckChildFinished(pid, true);
945 }
946
947 //------------------------------------------------
948 // Test interactions with other parts of Capsicum:
949 // - capability mode
950 // - capabilities
951
FORK_TEST(Pdfork,DaemonUnrestricted)952 FORK_TEST(Pdfork, DaemonUnrestricted) {
953 EXPECT_OK(cap_enter());
954 int fd;
955
956 // Capability mode leaves pdfork() available, with and without flag.
957 int rc;
958 rc = pdfork(&fd, PD_DAEMON);
959 EXPECT_OK(rc);
960 if (rc == 0) {
961 // Child: immediately terminate.
962 exit(0);
963 }
964
965 rc = pdfork(&fd, 0);
966 EXPECT_OK(rc);
967 if (rc == 0) {
968 // Child: immediately terminate.
969 exit(0);
970 }
971 }
972
TEST(Pdfork,MissingRights)973 TEST(Pdfork, MissingRights) {
974 pid_t parent = getpid_();
975 int pd = -1;
976 pid_t pid = pdfork(&pd, 0);
977 EXPECT_OK(pid);
978 if (pid == 0) {
979 // Child: loop forever.
980 EXPECT_NE(parent, getpid_());
981 while (true) sleep(1);
982 }
983 // Create two capabilities from the process descriptor.
984 cap_rights_t r_ro;
985 cap_rights_init(&r_ro, CAP_READ, CAP_LOOKUP);
986 int cap_incapable = dup(pd);
987 EXPECT_OK(cap_incapable);
988 EXPECT_OK(cap_rights_limit(cap_incapable, &r_ro));
989 cap_rights_t r_pdall;
990 cap_rights_init(&r_pdall, CAP_PDGETPID, CAP_PDWAIT, CAP_PDKILL);
991 int cap_capable = dup(pd);
992 EXPECT_OK(cap_capable);
993 EXPECT_OK(cap_rights_limit(cap_capable, &r_pdall));
994
995 pid_t other_pid;
996 EXPECT_NOTCAPABLE(pdgetpid(cap_incapable, &other_pid));
997 EXPECT_NOTCAPABLE(pdkill(cap_incapable, SIGINT));
998 int status;
999 EXPECT_NOTCAPABLE(pdwait4_(cap_incapable, &status, 0, NULL));
1000
1001 EXPECT_OK(pdgetpid(cap_capable, &other_pid));
1002 EXPECT_EQ(pid, other_pid);
1003 EXPECT_OK(pdkill(cap_capable, SIGINT));
1004 int rc = pdwait4_(pd, &status, 0, NULL);
1005 EXPECT_OK(rc);
1006 EXPECT_EQ(pid, rc);
1007 }
1008
1009
1010 //------------------------------------------------
1011 // Passing process descriptors between processes.
1012
TEST_F(PipePdfork,PassProcessDescriptor)1013 TEST_F(PipePdfork, PassProcessDescriptor) {
1014 int sock_fds[2];
1015 EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
1016
1017 struct msghdr mh;
1018 mh.msg_name = NULL; // No address needed
1019 mh.msg_namelen = 0;
1020 char buffer1[1024];
1021 struct iovec iov[1];
1022 iov[0].iov_base = buffer1;
1023 iov[0].iov_len = sizeof(buffer1);
1024 mh.msg_iov = iov;
1025 mh.msg_iovlen = 1;
1026 char buffer2[1024];
1027 mh.msg_control = buffer2;
1028 mh.msg_controllen = sizeof(buffer2);
1029 struct cmsghdr *cmptr;
1030
1031 if (verbose) fprintf(stderr, "[%d] about to fork()\n", getpid_());
1032 pid_t child2 = fork();
1033 if (child2 == 0) {
1034 // Child: close our copy of the original process descriptor.
1035 close(pd_);
1036 SEND_INT_MESSAGE(sock_fds[0], MSG_CHILD_STARTED);
1037 // Child: wait to receive process descriptor over socket
1038 if (verbose) fprintf(stderr, " [%d] child of %d waiting for process descriptor on socket\n", getpid_(), getppid());
1039 int rc = recvmsg(sock_fds[0], &mh, 0);
1040 EXPECT_OK(rc);
1041 EXPECT_LE(CMSG_LEN(sizeof(int)), mh.msg_controllen);
1042 cmptr = CMSG_FIRSTHDR(&mh);
1043 int pd = *(int*)CMSG_DATA(cmptr);
1044 EXPECT_EQ(CMSG_LEN(sizeof(int)), cmptr->cmsg_len);
1045 cmptr = CMSG_NXTHDR(&mh, cmptr);
1046 EXPECT_TRUE(cmptr == NULL);
1047 if (verbose) fprintf(stderr, " [%d] got process descriptor %d on socket\n", getpid_(), pd);
1048 SEND_INT_MESSAGE(sock_fds[0], MSG_CHILD_FD_RECEIVED);
1049
1050 // Child: confirm we can do pd*() operations on the process descriptor
1051 pid_t other;
1052 EXPECT_OK(pdgetpid(pd, &other));
1053 if (verbose) fprintf(stderr, " [%d] process descriptor %d is pid %d\n", getpid_(), pd, other);
1054
1055 // Wait until the parent has closed the process descriptor.
1056 AWAIT_INT_MESSAGE(sock_fds[0], MSG_PARENT_CLOSED_FD);
1057
1058 if (verbose) fprintf(stderr, " [%d] close process descriptor %d\n", getpid_(), pd);
1059 close(pd);
1060
1061 // Last process descriptor closed, expect death
1062 EXPECT_PID_DEAD(other);
1063
1064 exit(HasFailure());
1065 }
1066 // Wait until the child has started.
1067 AWAIT_INT_MESSAGE(sock_fds[1], MSG_CHILD_STARTED);
1068
1069 // Send the process descriptor over the pipe to the sub-process
1070 mh.msg_controllen = CMSG_LEN(sizeof(int));
1071 cmptr = CMSG_FIRSTHDR(&mh);
1072 cmptr->cmsg_level = SOL_SOCKET;
1073 cmptr->cmsg_type = SCM_RIGHTS;
1074 cmptr->cmsg_len = CMSG_LEN(sizeof(int));
1075 *(int *)CMSG_DATA(cmptr) = pd_;
1076 buffer1[0] = 0;
1077 iov[0].iov_len = 1;
1078 if (verbose) fprintf(stderr, "[%d] send process descriptor %d on socket\n", getpid_(), pd_);
1079 int rc = sendmsg(sock_fds[1], &mh, 0);
1080 EXPECT_OK(rc);
1081 // Wait until the child has received the process descriptor.
1082 AWAIT_INT_MESSAGE(sock_fds[1], MSG_CHILD_FD_RECEIVED);
1083
1084 if (verbose) fprintf(stderr, "[%d] close process descriptor %d\n", getpid_(), pd_);
1085 close(pd_); // Not last open process descriptor
1086 SEND_INT_MESSAGE(sock_fds[1], MSG_PARENT_CLOSED_FD);
1087
1088 // wait for child2
1089 int status;
1090 EXPECT_EQ(child2, waitpid(child2, &status, __WALL));
1091 rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
1092 EXPECT_EQ(0, rc);
1093
1094 // confirm death all round
1095 EXPECT_PID_DEAD(child2);
1096 EXPECT_PID_DEAD(pid_);
1097 }
1098