polkit: when spawning off agent, wait until the agent is fully initialized

diff --git a/src/shared/util.c b/src/shared/util.c
index 7f41fc4f5ece08f14e66aa463510029947ffd24b..7778b0a06b9702adaeafcb0810e14a8e9882dea8 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -6036,7 +6036,7 @@ int fd_inc_rcvbuf(int fd, size_t n) {
         return 1;
 }
 
-int fork_agent(pid_t *pid, const char *path, ...) {
+int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) {
         pid_t parent_pid, agent_pid;
         int fd;
         bool stdout_is_tty, stderr_is_tty;
@@ -6073,7 +6073,7 @@ int fork_agent(pid_t *pid, const char *path, ...) {
                 _exit(EXIT_SUCCESS);
 
         /* Don't leak fds to the agent */
-        close_all_fds(NULL, 0);
+        close_all_fds(except, n_except);
 
         stdout_is_tty = isatty(STDOUT_FILENO);
         stderr_is_tty = isatty(STDERR_FILENO);

diff --git a/src/shared/util.h b/src/shared/util.h
index 5e927df02c69a132703e4978275ecd4d0017b61a..062ab6dd055e00764962997bb2edd8d576d5a78d 100644 (file)
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -529,6 +529,6 @@ int is_kernel_thread(pid_t pid);
 int fd_inc_sndbuf(int fd, size_t n);
 int fd_inc_rcvbuf(int fd, size_t n);
 
-int fork_agent(pid_t *pid, const char *path, ...);
+int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...);
 
 #endif

diff --git a/src/spawn-ask-password-agent.c b/src/spawn-ask-password-agent.c
index 82db08c3a9c4ef84111be29890436eab845184a5..c77c71340c5fe56231fc112538380848e10c31c4 100644 (file)
--- a/src/spawn-ask-password-agent.c
+++ b/src/spawn-ask-password-agent.c
@@ -44,7 +44,10 @@ int ask_password_agent_open(void) {
         if (!isatty(STDIN_FILENO))
                 return 0;
 
-        r = fork_agent(&agent_pid, SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, "--watch", NULL);
+        r = fork_agent(&agent_pid,
+                       NULL, 0,
+                       SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH,
+                       SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, "--watch", NULL);
         if (r < 0)
                 log_error("Failed to fork TTY ask password agent: %s", strerror(-r));
 

diff --git a/src/spawn-polkit-agent.c b/src/spawn-polkit-agent.c
index 0da9abb7e021f684a5f2b5135e0edc4c105e8eff..97bc9f5e9e83ff695f525fa2a47ff3127cc039cb 100644 (file)
--- a/src/spawn-polkit-agent.c
+++ b/src/spawn-polkit-agent.c
@@ -26,6 +26,8 @@
 #include <sys/prctl.h>
 #include <signal.h>
 #include <fcntl.h>
+#include <errno.h>
+#include <sys/poll.h>
 
 #include "log.h"
 #include "util.h"
@@ -35,6 +37,8 @@ static pid_t agent_pid = 0;
 
 int polkit_agent_open(void) {
         int r;
+        int pipe_fd[2];
+        char notify_fd[10 + 1];
 
         if (agent_pid > 0)
                 return 0;
@@ -44,9 +48,27 @@ int polkit_agent_open(void) {
         if (!isatty(STDIN_FILENO))
                 return 0;
 
-        r = fork_agent(&agent_pid, POLKIT_AGENT_BINARY_PATH, POLKIT_AGENT_BINARY_PATH, NULL);
+        if (pipe2(pipe_fd, 0) < 0)
+                return -errno;
+
+        snprintf(notify_fd, sizeof(notify_fd), "%i", pipe_fd[1]);
+        char_array_0(notify_fd);
+
+        r = fork_agent(&agent_pid,
+                       &pipe_fd[1], 1,
+                       POLKIT_AGENT_BINARY_PATH,
+                       POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, NULL);
+
+        /* Close the writing side, because that's the one for the agent */
+        close_nointr_nofail(pipe_fd[1]);
+
         if (r < 0)
                 log_error("Failed to fork TTY ask password agent: %s", strerror(-r));
+        else
+                /* Wait until the agent closes the fd */
+                fd_wait_for_event(pipe_fd[0], POLLHUP, (usec_t) -1);
+
+        close_nointr_nofail(pipe_fd[0]);
 
         return r;
 }