merge: fix parent death signal

author: startx2017 <vradu.startx@yandex.com> 2019-05-29 10:03:51 -0400
committer: startx2017 <vradu.startx@yandex.com> 2019-05-29 10:03:51 -0400
commit: d2faddf343a02a8b822a5f14c52ca0a6fb6053c5 (patch)
tree: 4a11039a145634008669598bdddfefd832f8ae15
parent: merge: Fix incorrect parsing of --keep-var-tmp command (diff)
download: firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.tar.gz
firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.tar.zst
firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.zip
3 files changed, 6 insertions, 9 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 28fd1b290..89eddd8f1 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -295,8 +295,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                                printf("changing root to %s\n", rootdir);
                }
-                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
                EUID_USER();
                if (chdir("/") < 0)
                        errExit("chdir");
@@ -390,6 +388,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
                }
                drop_privs(arg_nogroups);
+                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
                start_application(0, NULL);
                // it will never get here!!!
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 240358923..2ac4952b7 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -856,8 +856,6 @@ int sandbox(void* sandbox_arg) {
        //****************************
        // set application environment
        //****************************
-        prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
        EUID_USER();
        int cwd = 0;
        if (cfg.cwd) {
@@ -1004,6 +1002,7 @@ int sandbox(void* sandbox_arg) {
        // drop privileges, fork the application and monitor it
        //****************************************
        drop_privs(arg_nogroups);
+        prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
        pid_t app_pid = fork();
        if (app_pid == -1)
                errExit("fork");
@@ -1021,9 +1020,8 @@ int sandbox(void* sandbox_arg) {
                                printf("AppArmor enabled\n");
                }
 #endif
+                // start app
-                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
+                start_application(0, fp);
-                start_application(0, fp);       // start app
        }
        fclose(fp);
diff --git a/status b/status
index 6f1823530..a2d6fc116 100644
--- a/status
+++ b/status
@@ -1,8 +1,8 @@
-todo: Jan 13: ffix parent death signal
+Jan 13: fix parent death signal
 todo: Dec 17: join: also check proc file to detect nonewprivs bit
 todo: Sort items alphabetically in man firejail #2479, Feb 26
 todo: Alphabetical ordering of firecfg.config #2544, Mar 8
-todo: Fix incorrect parsing of --keep-var-tmp command #2587
+Mar 13: Fix incorrect parsing of --keep-var-tmp command #2587
 Mar 13: Avoid including globals.local twice, #2586
 Mar 10: fix --list reporting for sandboxes using --x11=none; to be ported Mar 10
 Mar 10: checking for invalid chars in profile filename before any other proce…
author	startx2017 <vradu.startx@yandex.com>	2019-05-29 10:03:51 -0400
committer	startx2017 <vradu.startx@yandex.com>	2019-05-29 10:03:51 -0400
commit	d2faddf343a02a8b822a5f14c52ca0a6fb6053c5 (patch)
tree	4a11039a145634008669598bdddfefd832f8ae15
parent	merge: Fix incorrect parsing of --keep-var-tmp command (diff)
download	firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.tar.gz firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.tar.zst firejail-d2faddf343a02a8b822a5f14c52ca0a6fb6053c5.zip

diff --git a/src/firejail/join.c b/src/firejail/join.c index 28fd1b290..89eddd8f1 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -295,8 +295,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
295	printf("changing root to %s\n", rootdir);	295	printf("changing root to %s\n", rootdir);
296	}	296	}
297		297
298	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
299
300	EUID_USER();	298	EUID_USER();
301	if (chdir("/") < 0)	299	if (chdir("/") < 0)
302	errExit("chdir");	300	errExit("chdir");
@@ -390,6 +388,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
390	}	388	}
391		389
392	drop_privs(arg_nogroups);	390	drop_privs(arg_nogroups);
		391	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
393	start_application(0, NULL);	392	start_application(0, NULL);
394		393
395	// it will never get here!!!	394	// it will never get here!!!


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 240358923..2ac4952b7 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -856,8 +856,6 @@ int sandbox(void* sandbox_arg) {
856	//****************************	856	//****************************
857	// set application environment	857	// set application environment
858	//****************************	858	//****************************
859	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
860
861	EUID_USER();	859	EUID_USER();
862	int cwd = 0;	860	int cwd = 0;
863	if (cfg.cwd) {	861	if (cfg.cwd) {
@@ -1004,6 +1002,7 @@ int sandbox(void* sandbox_arg) {
1004	// drop privileges, fork the application and monitor it	1002	// drop privileges, fork the application and monitor it
1005	//****************************************	1003	//****************************************
1006	drop_privs(arg_nogroups);	1004	drop_privs(arg_nogroups);
		1005	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died
1007	pid_t app_pid = fork();	1006	pid_t app_pid = fork();
1008	if (app_pid == -1)	1007	if (app_pid == -1)
1009	errExit("fork");	1008	errExit("fork");
@@ -1021,9 +1020,8 @@ int sandbox(void* sandbox_arg) {
1021	printf("AppArmor enabled\n");	1020	printf("AppArmor enabled\n");
1022	}	1021	}
1023	#endif	1022	#endif
1024		1023	// start app
1025	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); // kill the child in case the parent died	1024	start_application(0, fp);
1026	start_application(0, fp); // start app
1027	}	1025	}
1028		1026
1029	fclose(fp);	1027	fclose(fp);


diff --git a/status b/status index 6f1823530..a2d6fc116 100644 --- a/status +++ b/status
@@ -1,8 +1,8 @@
1	todo: Jan 13: ffix parent death signal	1	Jan 13: fix parent death signal
2	todo: Dec 17: join: also check proc file to detect nonewprivs bit	2	todo: Dec 17: join: also check proc file to detect nonewprivs bit
3	todo: Sort items alphabetically in man firejail #2479, Feb 26	3	todo: Sort items alphabetically in man firejail #2479, Feb 26
4	todo: Alphabetical ordering of firecfg.config #2544, Mar 8	4	todo: Alphabetical ordering of firecfg.config #2544, Mar 8
5	todo: Fix incorrect parsing of --keep-var-tmp command #2587	5	Mar 13: Fix incorrect parsing of --keep-var-tmp command #2587
6	Mar 13: Avoid including globals.local twice, #2586	6	Mar 13: Avoid including globals.local twice, #2586
7	Mar 10: fix --list reporting for sandboxes using --x11=none; to be ported Mar 10	7	Mar 10: fix --list reporting for sandboxes using --x11=none; to be ported Mar 10
8	Mar 10: checking for invalid chars in profile filename before any other proce…	8	Mar 10: checking for invalid chars in profile filename before any other proce…