bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#45198: 28.0.50; Sandbox mode

From: Philipp Stephani
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Tue, 22 Dec 2020 11:57:50 +0100 
Am So., 20. Dez. 2020 um 13:28 Uhr schrieb Philipp Stephani
<p.stephani2@gmail.com>:
>
> > If/when someone implements that, then indeed we can just use a process
> > object to represent the parent in the client as well.
> >
>
> Yes, but again, there's no difference between the standard streams and
> using newly-allocated file descriptors. In both cases, you need a
> variant of Fmake_pipe_process that doesn't call pipe2 twice, but wraps
> two existing file descriptors in its infd and outfd. Whether those
> happen to be 0 and 1 or something passed on the command line makes no
> difference.
> On the parent process side, if you want to use a separate pipe pair,
> you need a way to create a pipe process that doesn't use O_CLOEXEC and
> allows reading out the open file descriptors to be able to pass them
> to the subprocess on the command line.
> These changes aren't large, but they are necessary if you want to go
> the "extra pipe pair" route.

I've played around with this a bit (both with the pipe pair and with
the socketpair approach), but one issue is that Emacs doesn't know
about half-closed processes (that you can only write to, but not read
from). Such a state is crucial because the subprocesses will want to
read the entire input before sending output, which isn't possible if
the output gets closed after EOF from the input (and that's what
wait_reading_process_output does for both pipes and sockets). So we'd
need to introduce the 'half-closed' process state first, which
requires somewhat larger changes to Emacs's process design and
interface.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]