diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-01-20 01:10:25 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-01-20 01:10:25 +0100 |
| commit | 2a21f8a4378ace6ca4a221c5a0910bf1f76b891d (patch) | |
| tree | eedd3deffbefaad4421ade8111d016046dc00fb4 | |
| parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
| download | firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.tar.gz firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.tar.zst firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.zip | |
rearrange shutdown option
in order to run it with reduced privileges
| -rw-r--r-- | src/firejail/shutdown.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index be20cd353..743a256a4 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c | |||
| @@ -26,20 +26,11 @@ | |||
| 26 | void shut(pid_t pid) { | 26 | void shut(pid_t pid) { |
| 27 | EUID_ASSERT(); | 27 | EUID_ASSERT(); |
| 28 | 28 | ||
| 29 | pid_t parent = pid; | ||
| 30 | // if the pid is that of a firejail process, use the pid of a child process inside the sandbox | ||
| 31 | EUID_ROOT(); | 29 | EUID_ROOT(); |
| 32 | char *comm = pid_proc_comm(pid); | 30 | char *comm = pid_proc_comm(pid); |
| 33 | EUID_USER(); | 31 | EUID_USER(); |
| 34 | if (comm) { | 32 | if (comm) { |
| 35 | if (strcmp(comm, "firejail") == 0) { | 33 | if (strcmp(comm, "firejail") != 0) { |
| 36 | pid_t child; | ||
| 37 | if (find_child(pid, &child) == 0) { | ||
| 38 | pid = child; | ||
| 39 | printf("Switching to pid %u, the first child process inside the sandbox\n", (unsigned) pid); | ||
| 40 | } | ||
| 41 | } | ||
| 42 | else { | ||
| 43 | fprintf(stderr, "Error: this is not a firejail sandbox\n"); | 34 | fprintf(stderr, "Error: this is not a firejail sandbox\n"); |
| 44 | exit(1); | 35 | exit(1); |
| 45 | } | 36 | } |
| @@ -58,7 +49,6 @@ void shut(pid_t pid) { | |||
| 58 | } | 49 | } |
| 59 | } | 50 | } |
| 60 | 51 | ||
| 61 | EUID_ROOT(); | ||
| 62 | printf("Sending SIGTERM to %u\n", pid); | 52 | printf("Sending SIGTERM to %u\n", pid); |
| 63 | kill(pid, SIGTERM); | 53 | kill(pid, SIGTERM); |
| 64 | 54 | ||
| @@ -94,14 +84,16 @@ void shut(pid_t pid) { | |||
| 94 | 84 | ||
| 95 | // force SIGKILL | 85 | // force SIGKILL |
| 96 | if (!killdone) { | 86 | if (!killdone) { |
| 97 | // kill the process and also the parent | 87 | // kill the process and its child |
| 88 | pid_t child; | ||
| 89 | if (find_child(pid, &child) == 0) { | ||
| 90 | printf("Sending SIGKILL to %u\n", child); | ||
| 91 | kill(child, SIGKILL); | ||
| 92 | } | ||
| 98 | printf("Sending SIGKILL to %u\n", pid); | 93 | printf("Sending SIGKILL to %u\n", pid); |
| 99 | kill(pid, SIGKILL); | 94 | kill(pid, SIGKILL); |
| 100 | if (parent != pid) { | ||
| 101 | printf("Sending SIGKILL to %u\n", parent); | ||
| 102 | kill(parent, SIGKILL); | ||
| 103 | } | ||
| 104 | } | 95 | } |
| 105 | 96 | ||
| 106 | delete_run_files(parent); | 97 | EUID_ROOT(); |
| 98 | delete_run_files(pid); | ||
| 107 | } | 99 | } |