summary refs log tree commit diff
path: root/library/std/src/os
AgeCommit message (Collapse)AuthorLines
2021-09-02Rollup merge of #88177 - joshtriplett:stabilize-chroot, r=m-ou-seMara Bos-2/+1
Stabilize std::os::unix::fs::chroot I've verified that this works as documented, and I've tested it in (a nightly build of) production software as a replacement for an unsafe call to `libc::chroot`. It's been available in nightly for a few releases. I think it's ready to stabilize. --- Tracking issue: https://github.com/rust-lang/rust/issues/84715
2021-08-25Reference tracking issueThom Chiovoloni-2/+2
2021-08-25Add `c_size_t` and `c_ssize_t` to `std::os::raw`.Thom Chiovoloni-0/+14
2021-08-23Rollup merge of #88230 - steffahn:a_an, r=oli-obkMara Bos-3/+3
Fix typos “a”→“an” Fix typos in comments; found using a regex to find some easy instance of incorrect usage of a vs. an. While automation was used to find these, every change was checked manually. Changes in submodules get separate PRs: * https://github.com/rust-lang/stdarch/pull/1201 * https://github.com/rust-lang/cargo/pull/9821 * https://github.com/rust-lang/miri/pull/1874 * https://github.com/rust-lang/rls/pull/1746 * https://github.com/rust-analyzer/rust-analyzer/pull/9984 _folks @ rust-analyzer are fast at merging…_ * https://github.com/rust-analyzer/rust-analyzer/pull/9985 * https://github.com/rust-analyzer/rust-analyzer/pull/9987 * https://github.com/rust-analyzer/rust-analyzer/pull/9989 _For `clippy`, I don’t know if the changes should better better be moved to a PR to the original repo._ <hr> This has some overlap with #88226, but neither is a strict superset of the other. If you want multiple commits, I can split it up; in that case, make sure to suggest a criterion for splitting.
2021-08-22Remove redundant conversions.Dan Gohman-2/+2
2021-08-22Fix typos “a”→“an”Frank Steffahn-3/+3
2021-08-21Implement `AsFd` etc. for `UnixListener`.Dan Gohman-1/+25
Implement `AsFd`, `From<OwnedFd>`, and `Into<OwnedFd>` for `UnixListener`. This is a follow-up to #87329.
2021-08-19Stabilize std::os::unix::fs::chrootJosh Triplett-2/+1
2021-08-19Fix doc test failures on Windows.Dan Gohman-1/+7
2021-08-19Factor out a common `RawFd`/`AsRawFd`/etc for Unix and WASI.Dan Gohman-490/+286
2021-08-19Fix syntax for non-doc comments, and use `crate::` instead of `std::`.Dan Gohman-6/+6
2021-08-19Add I/O safety trait impls for process::Stdio and process::Child.Dan Gohman-2/+36
2021-08-19Update PidFd for the new I/O safety APIs.Dan Gohman-4/+22
2021-08-19Rename OptionFileHandle to HandleOrInvalid and make it just wrap an ↵Dan Gohman-80/+38
Option<OwnedHandle> The name (and updated documentation) make the FFI-only usage clearer, and wrapping Option<OwnedHandle> avoids the need to write a separate Drop or Debug impl. Co-authored-by: Josh Triplett <josh@joshtriplett.org>
2021-08-19Don't encourage migration until io_safety is stablized.Dan Gohman-7/+8
2021-08-19Factor out Unix and WASI fd code into a common module.Dan Gohman-560/+298
2021-08-19Synchronize minor differences between Unix and WASI implementations.Dan Gohman-7/+9
2021-08-19Add more comments about the `INVALID_HANDLE_VALUE` situation.Dan Gohman-12/+30
2021-08-19Fix copypasta of "Unix" within the WASI directory.Dan Gohman-1/+1
2021-08-19Reword the description of dup2/dup3.Dan Gohman-1/+1
2021-08-19Add Safety comments to the `As*` for `Owned*` implementations.Dan Gohman-0/+12
2021-08-19Add Owned*, Borrowed*, and As* to the preludes.Dan Gohman-4/+7
2021-08-19Rename `OwnedFd`'s private field to match it's debug output.Dan Gohman-85/+86
2021-08-19Delete a spurious empty comment line.Dan Gohman-1/+0
2021-08-19Add a comment about how `OwnedHandle` should not be used with registry handles.Dan Gohman-2/+15
2021-08-19Add a comment about `OptionFileHandle`.Dan Gohman-0/+4
2021-08-19Be more precise about `mmap` and undefined behavior.Dan Gohman-3/+3
`mmap` doesn't *always* cause undefined behavior; it depends on the details of how you use it.
2021-08-19Add a test to ensure that RawFd is the size we assume it is.Dan Gohman-0/+30
2021-08-19Update library/std/src/os/windows/io/socket.rsDan Gohman-1/+1
Co-authored-by: Josh Triplett <josh@joshtriplett.org>
2021-08-19Update library/std/src/os/windows/io/handle.rsDan Gohman-1/+1
Co-authored-by: Josh Triplett <josh@joshtriplett.org>
2021-08-19Update library/std/src/os/unix/io/fd.rsDan Gohman-1/+1
Co-authored-by: Josh Triplett <josh@joshtriplett.org>
2021-08-19I/O safety.Dan Gohman-153/+1569
Introduce `OwnedFd` and `BorrowedFd`, and the `AsFd` trait, and implementations of `AsFd`, `From<OwnedFd>` and `From<T> for OwnedFd` for relevant types, along with Windows counterparts for handles and sockets. Tracking issue: - <https://github.com/rust-lang/rust/issues/87074> RFC: - <https://github.com/rust-lang/rfcs/blob/master/text/3128-io-safety.md>
2021-08-18Rollup merge of #88012 - sunfishcode:sunfishcode/wasi-raw-fd-c-int, ↵Guillaume Gomez-7/+14
r=alexcrichton Change WASI's `RawFd` from `u32` to `c_int` (`i32`). WASI previously used `u32` as its `RawFd` type, since its "file descriptors" are unsigned table indices, and there's no fundamental reason why WASI can't have more than 2^31 handles. However, this creates myriad little incompability problems with code that also supports Unix platforms, where `RawFd` is `c_int`. While WASI isn't a Unix, it often shares code with Unix, and this difference made such shared code inconvenient. #87329 is the most recent example of such code. So, switch WASI to use `c_int`, which is `i32`. This will mean that code intending to support WASI should ideally avoid assuming that negative file descriptors are invalid, even though POSIX itself says that file descriptors are never negative. This is a breaking change, but `RawFd` is considerd an experimental feature in [the documentation]. [the documentation]: https://doc.rust-lang.org/stable/std/os/wasi/io/type.RawFd.html r? `@alexcrichton`
2021-08-13Change WASI's `RawFd` from `u32` to `c_int` (`i32`).Dan Gohman-7/+14
WASI previously used `u32` as its `RawFd` type, since its "file descriptors" are unsigned table indices, and there's no fundamental reason why WASI can't have more than 2^31 handles. However, this creates myriad little incompability problems with code that also supports Unix platforms, where `RawFd` is `c_int`. While WASI isn't a Unix, it often shares code with Unix, and this difference made such shared code inconvenient. #87329 is the most recent example of such code. So, switch WASI to use `c_int`, which is `i32`. This will mean that code intending to support WASI should ideally avoid assuming that negative file descriptors are invalid, even though POSIX itself says that file descriptors are never negative. This is a breaking change, but `RawFd` is considerd an experimental feature in [the documentation]. [the documentation]: https://doc.rust-lang.org/stable/std/os/wasi/io/type.RawFd.html
2021-08-10STD support for the ESP-IDF frameworkivmarkov-0/+196
2021-08-04Re-use std::sealed::Sealed in os/linux/process.Mara Bos-12/+3
2021-08-01Auto merge of #81825 - voidc:pidfd, r=joshtriplettbors-0/+155
Add Linux-specific pidfd process extensions (take 2) Continuation of #77168. I addressed the following concerns from the original PR: - make `CommandExt` and `ChildExt` sealed traits - wrap file descriptors in `PidFd` struct representing ownership over the fd - add `take_pidfd` to take the fd out of `Child` - close fd when dropped Tracking Issue: #82971
2021-08-01Add dummy FileDesc struct for doc targetDominik Stolz-0/+4
2021-07-29Fix may not to appropriate might not or must notAli Malik-2/+2
2021-07-24netbsd enabled ucredDavid Carlier-2/+16
2021-07-21Add tracking issue and link to man-pageDominik Stolz-2/+3
2021-07-21Add PidFd type and seal traitsDominik Stolz-22/+124
Improve docs Split do_fork into two Make do_fork unsafe Add target attribute to create_pidfd field in Command Add method to get create_pidfd value
2021-07-21Add Linux-specific pidfd process extensionsAaron Hill-0/+48
Background: Over the last year, pidfd support was added to the Linux kernel. This allows interacting with other processes. In particular, this allows waiting on a child process with a timeout in a race-free way, bypassing all of the awful signal-handler tricks that are usually required. Pidfds can be obtained for a child process (as well as any other process) via the `pidfd_open` syscall. Unfortunately, this requires several conditions to hold in order to be race-free (i.e. the pid is not reused). Per `man pidfd_open`: ``` · the disposition of SIGCHLD has not been explicitly set to SIG_IGN (see sigaction(2)); · the SA_NOCLDWAIT flag was not specified while establishing a han‐ dler for SIGCHLD or while setting the disposition of that signal to SIG_DFL (see sigaction(2)); and · the zombie process was not reaped elsewhere in the program (e.g., either by an asynchronously executed signal handler or by wait(2) or similar in another thread). If any of these conditions does not hold, then the child process (along with a PID file descriptor that refers to it) should instead be created using clone(2) with the CLONE_PIDFD flag. ``` Sadly, these conditions are impossible to guarantee once any libraries are used. For example, C code runnng in a different thread could call `wait()`, which is impossible to detect from Rust code trying to open a pidfd. While pid reuse issues should (hopefully) be rare in practice, we can do better. By passing the `CLONE_PIDFD` flag to `clone()` or `clone3()`, we can obtain a pidfd for the child process in a guaranteed race-free manner. This PR: This PR adds Linux-specific process extension methods to allow obtaining pidfds for processes spawned via the standard `Command` API. Other than being made available to user code, the standard library does not make use of these pidfds in any way. In particular, the implementation of `Child::wait` is completely unchanged. Two Linux-specific helper methods are added: `CommandExt::create_pidfd` and `ChildExt::pidfd`. These methods are intended to serve as a building block for libraries to build higher-level abstractions - in particular, waiting on a process with a timeout. I've included a basic test, which verifies that pidfds are created iff the `create_pidfd` method is used. This test is somewhat special - it should always succeed on systems with the `clone3` system call available, and always fail on systems without `clone3` available. I'm not sure how to best ensure this programatically. This PR relies on the newer `clone3` system call to pass the `CLONE_FD`, rather than the older `clone` system call. `clone3` was added to Linux in the same release as pidfds, so this shouldn't unnecessarily limit the kernel versions that this code supports. Unresolved questions: * What should the name of the feature gate be for these newly added methods? * Should the `pidfd` method distinguish between an error occurring and `create_pidfd` not being called?
2021-07-12Add tracking issue number to `wasi_ext`Benoît du Garreau-2/+2
2021-07-09Use AsRef in CommandExt for raw_argKornel-3/+3
2021-07-09Unescaped command-line arguments for WindowsKornel-0/+13
Fixes #29494
2021-07-06Rollup merge of #83581 - arennow:dir_entry_ext_unix_borrow_name, r=m-ou-seYuki Okushi-0/+39
Add std::os::unix::fs::DirEntryExt2::file_name_ref(&self) -> &OsStr Greetings! This is my first PR here, so please forgive me if I've missed an important step or otherwise done something wrong. I'm very open to suggestions/fixes/corrections. This PR adds a function that allows `std::fs::DirEntry` to vend a borrow of its filename on Unix platforms, which is especially useful for sorting. (Windows has (as I understand it) encoding differences that require an allocation.) This new function sits alongside the cross-platform [`file_name(&self) -> OsString`](https://doc.rust-lang.org/std/fs/struct.DirEntry.html#method.file_name) function. I pitched this idea in an [internals thread](https://internals.rust-lang.org/t/allow-std-direntry-to-vend-borrows-of-its-filename/14328/4), and no one objected vehemently, so here we are. I understand features in general, I believe, but I'm not at all confident that my whole-cloth invention of a new feature string (as required by the compiler) was correct (or that the name is appropriate). Further, there doesn't appear to be a test for the sibling `ino` function, so I didn't add one for this similarly trivial function either. If it's desirable that I should do so, I'd be happy to [figure out how to] do that. The following is a trivial sample of a use-case for this function, in which directory entries are sorted without any additional allocations: ```rust use std::os::unix::fs::DirEntryExt; use std::{fs, io}; fn main() -> io::Result<()> { let mut entries = fs::read_dir(".")?.collect::<Result<Vec<_>, io::Error>>()?; entries.sort_unstable_by(|a, b| a.file_name_ref().cmp(b.file_name_ref())); for p in entries { println!("{:?}", p); } Ok(()) } ```
2021-07-05Enable dir_entry_ext2 feature in doc test.Mara Bos-0/+1
Co-authored-by: Yuki Okushi <jtitor@2k36.org>
2021-07-02Auto merge of #85746 - m-ou-se:io-error-other, r=joshtriplettbors-1/+2
Redefine `ErrorKind::Other` and stop using it in std. This implements the idea I shared yesterday in the libs meeting when we were discussing how to handle adding new `ErrorKind`s to the standard library: This redefines `Other` to be for *user defined errors only*, and changes all uses of `Other` in the standard library to a `#[doc(hidden)]` and permanently `#[unstable]` `ErrorKind` that users can not match on. This ensures that adding `ErrorKind`s at a later point in time is not a breaking change, since the user couldn't match on these errors anyway. This way, we use the `#[non_exhaustive]` property of the enum in a more effective way. Open questions: - How do we check this change doesn't cause too much breakage? Will a crate run help and be enough? - How do we ensure we don't accidentally start using `Other` again in the standard library? We don't have a `pub(not crate)` or `#[deprecated(in this crate only)]`. cc https://github.com/rust-lang/rust/pull/79965 cc `@rust-lang/libs` `@ijackson` r? `@dtolnay`
2021-06-25Fix a few misspellings.Eric Huss-1/+1