Reduce size of unsafe blocks to the required minimum

serpent-os · Jan 21, 2025 · bae0f0a · bae0f0a
1 parent a56eac8
commit bae0f0a
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 32 deletions.
diff --git a/crates/container/src/lib.rs b/crates/container/src/lib.rs
@@ -124,33 +124,27 @@ impl Container {
         }
 
         let sync_raw = (sync_r.as_raw_fd(), sync_w.as_raw_fd());
-        let pid = unsafe {
-            clone(
-                Box::new(|| match enter(&self, sync_raw, &mut f) {
-                    Ok(_) => 0,
-                    // Write error back to parent process
-                    Err(error) => {
-                        let error = format_error(error);
-                        let mut pos = 0;
-
-                        while pos < error.len() {
-                            let Ok(len) = write(&sync_w, &error.as_bytes()[pos..]) else {
-                                break;
-                            };
-
-                            pos += len;
-                        }
-
-                        _ = close(sync_w.as_raw_fd());
-
-                        1
-                    }
-                }),
-                &mut *addr_of_mut!(STACK),
-                flags,
-                Some(SIGCHLD),
-            )?
-        };
+        let clone_cb = Box::new(|| match enter(&self, sync_raw, &mut f) {
+            Ok(_) => 0,
+            // Write error back to parent process
+            Err(error) => {
+                let error = format_error(error);
+                let mut pos = 0;
+
+                while pos < error.len() {
+                    let Ok(len) = write(&sync_w, &error.as_bytes()[pos..]) else {
+                        break;
+                    };
+
+                    pos += len;
+                }
+
+                _ = close(sync_w.as_raw_fd());
+
+                1
+            }
+        });
+        let pid = unsafe { clone(clone_cb, &mut *addr_of_mut!(STACK), flags, Some(SIGCHLD))? };
 
         // Update uid / gid map to map current user to root in container
         if rootless {

diff --git a/moss/src/signal.rs b/moss/src/signal.rs
@@ -15,11 +15,13 @@ pub fn ignore(signals: impl IntoIterator<Item = Signal>) -> Result<Guard, Error>
     Ok(Guard(
         signals
             .into_iter()
-            .map(|signal| unsafe {
-                let action = sigaction(
-                    signal,
-                    &SigAction::new(SigHandler::SigIgn, SaFlags::empty(), SigSet::empty()),
-                )
+            .map(|signal| {
+                let action = unsafe {
+                    sigaction(
+                        signal,
+                        &SigAction::new(SigHandler::SigIgn, SaFlags::empty(), SigSet::empty()),
+                    )
+                }
                 .map_err(Error::Ignore)?;
 
                 Ok(PrevHandler { signal, action })