configurable entrypoints

[cgwalters]

I'd like to have something like this:

In setup code:

fn main() { 
  // stand-in for real isolation, could set up seccomp, fork off and re-exec ourselves again using e.g. https://github.com/containers/bubblewrap or systemd-run or whatever
  procspawn::init_config("isolated", || libc::setuid(1000));
  // This is the default config
  procspawn::init();

Then, in the client code we can conveniently dispatch into these distinct process configurations:

// A task we want to be isolated; e.g. fetch a URL via HTTP, or perform some computation, or whatever
procspawn::spawn_config("isolated", || reqwest::get("https://example.com"));
// A task which runs with default process privileges
procspawn::spawn(|| std::fs::write("/etc/someconfig.conf", "somevalue"));

[cgwalters]

(Hmm, maybe instead of a string a serializable enum would be more elegant and typo-resistant)

[mitsuhiko]

I can see this being useful but putting this into the system might be quite complex. I would be open to a pull request if you can find a way to make this work but at the moment I don't think I would be working on something like that.

[cgwalters]

Thanks for the reply! Yeah I'd be happy to work on this myself; just wanted to gauge feedback with an issue before showing up with a PR.

That said, I'm still evaluating whether I want to use this crate for the project I have in mind or not. It's good code, but it operates at a pretty high level of abstraction which has both advantages and disadvantages. The ipc-channel crate is also I think good code in general but it's also pretty "dated" Rust code now; it hand-rolls things like socket credentials instead of depending on nix (or hopefully eventually rustix with I/O safety).

Really unrelated to this issue but since we already have a communication channel open here; another thing that gives me a bit of a pause is the findshlibs approach - it's quite clever but I was thinking about taking an approach instead of using linkme to define a dispatch table instead - this avoids a lot of the potential for unsafety if we some how end up executing a different binary version.

[mitsuhiko]

Generally the state of IPC in Rust is pretty dire. I tried to make a unix only experimental alternative to IPC channel in the past (unix-ipc) but it takes a lot of time to maintain and to resolve some issues like timeouts you kinda need async given the ecosystem.

I think in general there are better ways to do this but the main issues with procspawn are the underlying IPC system which is largely unresolved. findshlibs I think is pretty okay. It mainly exists here to ensure nobody does anything nonsensical with dynamically loaded code.

[cgwalters]

Generally the state of IPC in Rust is pretty dire.

Hmm, I wouldn't say that! There's a lot of good stuff out there. serde is a powerful piece, and we have (via nix now) high level mostly safe bindings to thinks like SCM_RIGHTS fd passing etc. (I know you know all this, so I'm not sure why you say it's dire)

I tried to make a unix only experimental alternative to IPC channel in the past (unix-ipc) but it takes a lot of time to maintain and to resolve some issues like timeouts you kinda need async given the ecosystem.

OK I was further digging and discovered you also did https://github.com/mitsuhiko/tokio-unix-ipc/

Glancing at that code, I like what i see.