add std::os::unix::process::CommandExt::fd

Author: Qelxiros

library/std/src/os/unix/process.rs

@@ -8,6 +8,7 @@ use crate::ffi::OsStr;
 use crate::os::unix::io::{AsFd, AsRawFd, BorrowedFd, FromRawFd, IntoRawFd, OwnedFd, RawFd};
 use crate::path::Path;
 use crate::sealed::Sealed;
+use crate::sys::{cvt, cvt_r};
 use crate::sys_common::{AsInner, AsInnerMut, FromInner, IntoInner};
 use crate::{io, process, sys};
 
@@ -213,6 +214,84 @@ pub trait CommandExt: Sealed {
 
     #[unstable(feature = "process_setsid", issue = "105376")]
     fn setsid(&mut self, setsid: bool) -> &mut process::Command;
+
+    /// Pass a file descriptor to a child process.
+    ///
+    /// Getting this right is tricky. It is recommended to provide further information to the child
+    /// process by some other mechanism. This could be an argument confirming file descriptors that
+    /// the child can use, device/inode numbers to allow for sanity checks, or something similar.
+    ///
+    /// If `new_fd` is an open file descriptor and closing it would produce one or more errors,
+    /// those errors will be lost when this function is called. See
+    /// [`man 2 dup`](https://www.man7.org/linux/man-pages/man2/dup.2.html#NOTES) for more information.
+    ///
+    /// ```
+    /// #![feature(command_pass_fds)]
+    ///
+    /// use std::process::{Command, Stdio};
+    /// use std::os::fd::process::CommandExt;
+    /// use std::io::{self, Write};
+    ///
+    /// # fn main() -> io::Result<()> {
+    /// let (pipe_reader, mut pipe_writer) = io::pipe()?;
+    ///
+    /// let fd_num = 123;
+    ///
+    /// let mut cmd = Command::new("cat");
+    /// cmd.arg(format!("/dev/fd/{fd_num}")).stdout(Stdio::piped()).fd(fd_num, pipe_reader);
+    ///
+    /// let mut child = cmd.spawn()?;
+    /// let mut stdout = child.stdout.take().unwrap();
+    ///
+    /// pipe_writer.write_all(b"Hello, world!")?;
+    /// drop(pipe_writer);
+    ///
+    /// child.wait()?;
+    /// assert_eq!(io::read_to_string(&mut stdout)?, "Hello, world!");
+    ///
+    /// # Ok(())
+    /// # }
+    /// ```
+    ///
+    /// If this method is called multiple times with the same `new_fd`, all but one file descriptor
+    /// will be lost.
+    ///
+    /// ```
+    /// #![feature(command_pass_fds)]
+    ///
+    /// use std::process::{Command, Stdio};
+    /// use std::os::fd::process::CommandExt;
+    /// use std::io::{self, Write};
+    ///
+    /// # fn main() -> io::Result<()> {
+    /// let (pipe_reader1, mut pipe_writer1) = io::pipe()?;
+    /// let (pipe_reader2, mut pipe_writer2) = io::pipe()?;
+    ///
+    /// let fd_num = 123;
+    ///
+    /// let mut cmd = Command::new("cat");
+    /// cmd.arg(format!("/dev/fd/{fd_num}"))
+    ///     .stdout(Stdio::piped())
+    ///     .fd(fd_num, pipe_reader1)
+    ///     .fd(fd_num, pipe_reader2);
+    ///
+    /// let mut child = cmd.spawn()?;
+    /// let mut stdout = child.stdout.take().unwrap();
+    ///
+    /// pipe_writer1.write_all(b"Hello from pipe 1!")?;
+    /// drop(pipe_writer1);
+    ///
+    /// pipe_writer2.write_all(b"Hello from pipe 2!")?;
+    /// drop(pipe_writer2);
+    ///
+    /// child.wait()?;
+    /// assert_eq!(io::read_to_string(&mut stdout)?, "Hello from pipe 2!");
+    ///
+    /// # Ok(())
+    /// # }
+    /// ```
+    #[unstable(feature = "command_pass_fds", issue = "144989")]
+    fn fd(&mut self, new_fd: RawFd, old_fd: impl Into<OwnedFd>) -> &mut Self;
 }
 
 #[stable(feature = "rust1", since = "1.0.0")]
@@ -268,6 +347,19 @@ impl CommandExt for process::Command {
         self.as_inner_mut().setsid(setsid);
         self
     }
+
+    fn fd(&mut self, new_fd: RawFd, old_fd: impl Into<OwnedFd>) -> &mut Self {
+        let old = old_fd.into();
+        unsafe {
+            self.pre_exec(move || {
+                cvt_r(|| libc::dup2(old.as_raw_fd(), new_fd))?;
+                let flags = cvt(libc::fcntl(new_fd, libc::F_GETFD))?;
+                cvt(libc::fcntl(new_fd, libc::F_SETFD, flags & !libc::FD_CLOEXEC))?;
+                cvt_r(|| libc::close(old.as_raw_fd()))?;
+                Ok(())
+            })
+        }
+    }
 }
 
 /// Unix-specific extensions to [`process::ExitStatus`] and

library/std/src/sys/process/unix/unix/tests.rs

@@ -1,10 +1,20 @@
+use crate::fs;
+use crate::io::{self, Write};
+use crate::os::raw;
+use crate::os::unix::fs::MetadataExt;
+use crate::os::unix::io::AsRawFd;
 use crate::os::unix::process::{CommandExt, ExitStatusExt};
 use crate::panic::catch_unwind;
-use crate::process::Command;
+use crate::process::{Command, Stdio};
 
 // Many of the other aspects of this situation, including heap alloc concurrency
 // safety etc., are tested in tests/ui/process/process-panic-after-fork.rs
 
+/// Use dev + ino to uniquely identify a file
+fn md_file_id(md: &fs::Metadata) -> (u64, u64) {
+    (md.dev(), md.ino())
+}
+
 #[test]
 fn exitstatus_display_tests() {
     // In practice this is the same on every Unix.
@@ -73,3 +83,76 @@ fn test_command_fork_no_unwind() {
             || signal == libc::SIGSEGV
     );
 }
+
+#[test]
+fn fd_test_stdin() {
+    let (pipe_reader, mut pipe_writer) = io::pipe().unwrap();
+
+    let fd_num = libc::STDIN_FILENO;
+
+    let mut cmd = Command::new("cat");
+    cmd.stdout(Stdio::piped()).fd(fd_num, pipe_reader);
+
+    let mut child = cmd.spawn().unwrap();
+    let mut stdout = child.stdout.take().unwrap();
+
+    pipe_writer.write_all(b"Hello, world!").unwrap();
+    drop(pipe_writer);
+
+    child.wait().unwrap();
+    assert_eq!(io::read_to_string(&mut stdout).unwrap(), "Hello, world!");
+}
+
+#[test]
+fn fd_test_swap() {
+    let (pipe_reader1, mut pipe_writer1) = io::pipe().unwrap();
+    let (pipe_reader2, mut pipe_writer2) = io::pipe().unwrap();
+
+    let num1 = pipe_reader1.as_raw_fd();
+    let num2 = pipe_reader2.as_raw_fd();
+
+    let mut cmd = Command::new("cat");
+    cmd.arg(format!("/dev/fd/{num1}"))
+        .arg(format!("/dev/fd/{num2}"))
+        .stdout(Stdio::piped())
+        .fd(num2, pipe_reader1)
+        .fd(num1, pipe_reader2);
+
+    let mut child = cmd.spawn().unwrap();
+    let mut stdout = child.stdout.take().unwrap();
+
+    pipe_writer1.write_all(b"Hello from pipe 1!").unwrap();
+    drop(pipe_writer1);
+
+    pipe_writer2.write_all(b"Hello from pipe 2!").unwrap();
+    drop(pipe_writer2);
+
+    child.wait().unwrap();
+    // the second pipe's output is clobbered; this is expected.
+    assert_eq!(io::read_to_string(&mut stdout).unwrap(), "Hello from pipe 1!");
+}
+
+// ensure that the fd is properly closed in the parent, but only after the child is spawned.
+#[test]
+fn fd_test_close_time() {
+    let (_pipe_reader, pipe_writer) = io::pipe().unwrap();
+
+    let fd = pipe_writer.as_raw_fd();
+    let fd_path = format!("/dev/fd/{fd}");
+
+    let mut cmd = Command::new("true");
+    cmd.fd(123, pipe_writer);
+
+    // Get the identifier of the fd (metadata follows symlinks)
+    let fd_id = md_file_id(&fs::metadata(&fd_path).expect("fd should be open"));
+
+    cmd.spawn().unwrap().wait().unwrap();
+
+    // After the child is spawned, our fd should be closed
+    match fs::metadata(&fd_path) {
+        // Ok; fd exists but points to a different file
+        Ok(md) => assert_ne!(md_file_id(&md), fd_id),
+        // Ok; fd does not exist
+        Err(_) => (),
+    }
+}