diff options
author | smitsohu <smitsohu@gmail.com> | 2021-09-11 18:37:03 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-09-21 15:39:41 +0200 |
commit | 1b2710f4d4948a8ee6332894d886d84f79c0587a (patch) | |
tree | a6d9c87b5d20f983571b2165745bd8bdd9bb69f7 | |
parent | Blacklist ~/.minisign in disable-common (diff) | |
download | firejail-1b2710f4d4948a8ee6332894d886d84f79c0587a.tar.gz firejail-1b2710f4d4948a8ee6332894d886d84f79c0587a.tar.zst firejail-1b2710f4d4948a8ee6332894d886d84f79c0587a.zip |
rework exitcodes
* add 128 to exitcode if child receives a fatal signal
(this is similar to what bash and other shells do)
* unify exitcodes across firejail: treat join'ed processes
the same as processes in the primary process tree
-rw-r--r-- | src/firejail/join.c | 11 | ||||
-rw-r--r-- | src/firejail/main.c | 13 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 17 |
3 files changed, 24 insertions, 17 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 394bbb528..99fbfdd0a 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -45,7 +45,7 @@ static unsigned display = 0; | |||
45 | static void signal_handler(int sig){ | 45 | static void signal_handler(int sig){ |
46 | flush_stdin(); | 46 | flush_stdin(); |
47 | 47 | ||
48 | exit(sig); | 48 | exit(128 + sig); |
49 | } | 49 | } |
50 | 50 | ||
51 | static void install_handler(void) { | 51 | static void install_handler(void) { |
@@ -536,7 +536,6 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
536 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); | 536 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); |
537 | 537 | ||
538 | #ifdef HAVE_APPARMOR | 538 | #ifdef HAVE_APPARMOR |
539 | // add apparmor confinement after the execve | ||
540 | set_apparmor(); | 539 | set_apparmor(); |
541 | #endif | 540 | #endif |
542 | 541 | ||
@@ -596,15 +595,17 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
596 | 595 | ||
597 | // end of signal-safe code | 596 | // end of signal-safe code |
598 | //***************************** | 597 | //***************************** |
599 | flush_stdin(); | ||
600 | 598 | ||
601 | if (WIFEXITED(status)) { | 599 | if (WIFEXITED(status)) { |
600 | // if we had a proper exit, return that exit status | ||
602 | status = WEXITSTATUS(status); | 601 | status = WEXITSTATUS(status); |
603 | } else if (WIFSIGNALED(status)) { | 602 | } else if (WIFSIGNALED(status)) { |
604 | status = WTERMSIG(status); | 603 | // distinguish fatal signals by adding 128 |
604 | status = 128 + WTERMSIG(status); | ||
605 | } else { | 605 | } else { |
606 | status = 0; | 606 | status = -1; |
607 | } | 607 | } |
608 | 608 | ||
609 | flush_stdin(); | ||
609 | exit(status); | 610 | exit(status); |
610 | } | 611 | } |
diff --git a/src/firejail/main.c b/src/firejail/main.c index e0bf44f62..2a9cb7c08 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -189,13 +189,15 @@ static void my_handler(int s) { | |||
189 | logsignal(s); | 189 | logsignal(s); |
190 | 190 | ||
191 | if (waitpid(child, NULL, WNOHANG) == 0) { | 191 | if (waitpid(child, NULL, WNOHANG) == 0) { |
192 | if (has_handler(child, s)) // signals are not delivered if there is no handler yet | 192 | // child is pid 1 of a pid namespace: |
193 | // signals are not delivered if there is no handler yet | ||
194 | if (has_handler(child, s)) | ||
193 | kill(child, s); | 195 | kill(child, s); |
194 | else | 196 | else |
195 | kill(child, SIGKILL); | 197 | kill(child, SIGKILL); |
196 | waitpid(child, NULL, 0); | 198 | waitpid(child, NULL, 0); |
197 | } | 199 | } |
198 | myexit(s); | 200 | myexit(128 + s); |
199 | } | 201 | } |
200 | 202 | ||
201 | static void install_handler(void) { | 203 | static void install_handler(void) { |
@@ -3216,10 +3218,11 @@ printf("link #%s#\n", prf->link); | |||
3216 | if (WIFEXITED(status)){ | 3218 | if (WIFEXITED(status)){ |
3217 | myexit(WEXITSTATUS(status)); | 3219 | myexit(WEXITSTATUS(status)); |
3218 | } else if (WIFSIGNALED(status)) { | 3220 | } else if (WIFSIGNALED(status)) { |
3219 | myexit(WTERMSIG(status)); | 3221 | // distinguish fatal signals by adding 128 |
3222 | myexit(128 + WTERMSIG(status)); | ||
3220 | } else { | 3223 | } else { |
3221 | myexit(0); | 3224 | myexit(1); |
3222 | } | 3225 | } |
3223 | 3226 | ||
3224 | return 0; | 3227 | return 1; |
3225 | } | 3228 | } |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 59ddfb855..995827fb7 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -87,9 +87,9 @@ static void sandbox_handler(int sig){ | |||
87 | 87 | ||
88 | // broadcast a SIGKILL | 88 | // broadcast a SIGKILL |
89 | kill(-1, SIGKILL); | 89 | kill(-1, SIGKILL); |
90 | flush_stdin(); | ||
91 | 90 | ||
92 | exit(sig); | 91 | flush_stdin(); |
92 | exit(128 + sig); | ||
93 | } | 93 | } |
94 | 94 | ||
95 | static void install_handler(void) { | 95 | static void install_handler(void) { |
@@ -1243,7 +1243,6 @@ int sandbox(void* sandbox_arg) { | |||
1243 | 1243 | ||
1244 | if (app_pid == 0) { | 1244 | if (app_pid == 0) { |
1245 | #ifdef HAVE_APPARMOR | 1245 | #ifdef HAVE_APPARMOR |
1246 | // add apparmor confinement after the execve | ||
1247 | set_apparmor(); | 1246 | set_apparmor(); |
1248 | #endif | 1247 | #endif |
1249 | 1248 | ||
@@ -1258,13 +1257,17 @@ int sandbox(void* sandbox_arg) { | |||
1258 | munmap(set_sandbox_status, 1); | 1257 | munmap(set_sandbox_status, 1); |
1259 | 1258 | ||
1260 | int status = monitor_application(app_pid); // monitor application | 1259 | int status = monitor_application(app_pid); // monitor application |
1261 | flush_stdin(); | ||
1262 | 1260 | ||
1263 | if (WIFEXITED(status)) { | 1261 | if (WIFEXITED(status)) { |
1264 | // if we had a proper exit, return that exit status | 1262 | // if we had a proper exit, return that exit status |
1265 | return WEXITSTATUS(status); | 1263 | status = WEXITSTATUS(status); |
1264 | } else if (WIFSIGNALED(status)) { | ||
1265 | // distinguish fatal signals by adding 128 | ||
1266 | status = 128 + WTERMSIG(status); | ||
1266 | } else { | 1267 | } else { |
1267 | // something else went wrong! | 1268 | status = -1; |
1268 | return -1; | ||
1269 | } | 1269 | } |
1270 | |||
1271 | flush_stdin(); | ||
1272 | return status; | ||
1270 | } | 1273 | } |