Deprecate unshare and add unshare_unsafe. #1482

Merged
merged 1 commit into from
Jul 15, 2025

Conversation

sunfishcode
Member

As pointed out in #1479, unshare can lead to threads observing dangling file descriptors. Deprecate it, and add a new unshare_unsafe that's unsafe, to reflect this.

Fixes #1479.

@allisonkarlitskaya

I think unsharing the userns (because it only works in single-threaded programs) and mount namespace (because it only impacts the world outside of the program) are probably safe... probably pid as well, for both of those reasons...

@sunfishcode
Member Author

Yes, there are safe subsets of the function, but safety has to apply to the whole function. This comment mentions the idea of adding new, more specialized functions which can be safe, and that sounds like a good approach.
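The hazard discussed above, as an added example that is not code from this PR or from rustix: a thread that unshares its file descriptor table can then be handed, by entirely safe code, a `File` whose descriptor does not exist in its table. Assumptions: it calls libc's `unshare(2)` through FFI so that it builds with std alone, `0x400` is the Linux value of `CLONE_FILES`, and `Outcome` and `observe_after_unshare` are names made up for this sketch.

```rust
use std::fs::File;
use std::os::raw::c_int;
use std::sync::{mpsc, OnceLock};
use std::thread;

// Raw libc unshare(2), standing in for rustix's unshare_unsafe (assumption: Linux).
unsafe extern "C" {
    fn unshare(flags: c_int) -> c_int;
}
const CLONE_FILES: c_int = 0x400; // what UnshareFlags::FILES requests
const EBADF: i32 = 9;

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Dangling,    // the shared File's descriptor is not open in the worker's table
    StillValid,  // no EBADF seen (not expected after a successful unshare)
    Unavailable, // the kernel or a seccomp policy refused unshare(2)
}

pub fn observe_after_unshare() -> Outcome {
    let shared: OnceLock<File> = OnceLock::new();
    let shared = &shared;
    let (ready_tx, ready_rx) = mpsc::channel::<bool>();
    let (go_tx, go_rx) = mpsc::channel::<()>();
    thread::scope(|s| {
        let worker = s.spawn(move || {
            // The worker gets a private copy of the fd table as it is right now.
            let ok = unsafe { unshare(CLONE_FILES) } == 0;
            ready_tx.send(ok).unwrap();
            if !ok { return Outcome::Unavailable; }
            go_rx.recv().unwrap();
            // Safe code from here on: borrow a File that the main thread owns.
            match shared.get().unwrap().metadata() {
                Err(e) if e.raw_os_error() == Some(EBADF) => Outcome::Dangling,
                _ => Outcome::StillValid,
            }
        });
        if ready_rx.recv().unwrap() {
            // Opened after the unshare, so it exists only in the main thread's table.
            shared.set(File::open("/dev/null").unwrap()).unwrap();
            go_tx.send(()).unwrap();
        }
        worker.join().unwrap()
    })
}

fn main() {
    println!("{:?}", observe_after_unshare());
}
```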

@sunfishcode sunfishcode reopened this Jun 29, 2025
@sunfishcode sunfishcode merged commit 6f86d18 into main Jul 15, 2025
62 of 100 checks passed
@sunfishcode sunfishcode deleted the sunfishcode/j-unshare-unsafe branch July 15, 2025 14:48
sunfishcode added a commit that referenced this pull request Jul 15, 2025
As pointed out in #1479, `unshare` can lead to threads observing
dangling file descriptors. Deprecate it, and add a new `unshare_unsafe`
that's unsafe, to reflect this.

Fixes #1479.
@sunfishcode
Member Author

This is now released in rustix 1.0.8.

Successfully merging this pull request may close these issues.

rustix::thread::unshare(UnshareFlags::FILES) can violate io_safety