From 698f8c2f01ea549d77d7dc3338a12e04c11057b9 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 14:02:58 +0200
Subject: Adding upstream version 1.64.0+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/test/ui/command/command-create-pidfd.rs | 56 +++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 src/test/ui/command/command-create-pidfd.rs

(limited to 'src/test/ui/command/command-create-pidfd.rs')

diff --git a/src/test/ui/command/command-create-pidfd.rs b/src/test/ui/command/command-create-pidfd.rs
new file mode 100644
index 000000000..4df443c66
--- /dev/null
+++ b/src/test/ui/command/command-create-pidfd.rs
@@ -0,0 +1,56 @@
+// run-pass
+// only-linux - pidfds are a linux-specific concept
+
+#![feature(linux_pidfd)]
+#![feature(rustc_private)]
+
+extern crate libc;
+
+use std::io::Error;
+use std::os::linux::process::{ChildExt, CommandExt};
+use std::process::Command;
+
+fn has_clone3() -> bool {
+    let res = unsafe { libc::syscall(libc::SYS_clone3, 0, 0) };
+    let err = (res == -1)
+        .then(|| Error::last_os_error())
+        .expect("probe syscall should not succeed");
+
+    // If the `clone3` syscall is not implemented in the current kernel version it should return an
+    // `ENOSYS` error. Docker also blocks the whole syscall inside unprivileged containers, and
+    // returns `EPERM` (instead of `ENOSYS`) when a program tries to invoke the syscall. Because of
+    // that we need to check for *both* `ENOSYS` and `EPERM`.
+    //
+    // Note that Docker's behavior is breaking other projects (notably glibc), so they're planning
+    // to update their filtering to return `ENOSYS` in a future release:
+    //
+    //     https://github.com/moby/moby/issues/42680
+    //
+    err.raw_os_error() != Some(libc::ENOSYS) && err.raw_os_error() != Some(libc::EPERM)
+}
+
+fn main() {
+    // pidfds require the clone3 syscall
+    if !has_clone3() {
+        return;
+    }
+
+    // We don't assert the precise value, since the standard library
+    // might have opened other file descriptors before our code runs.
+    let _ = Command::new("echo")
+        .create_pidfd(true)
+        .spawn()
+        .unwrap()
+        .pidfd().expect("failed to obtain pidfd");
+
+    let _ = Command::new("echo")
+        .create_pidfd(false)
+        .spawn()
+        .unwrap()
+        .pidfd().expect_err("pidfd should not have been created when create_pid(false) is set");
+
+    let _ = Command::new("echo")
+        .spawn()
+        .unwrap()
+        .pidfd().expect_err("pidfd should not have been created");
+}
-- 
cgit v1.2.3