author | netblue30 <netblue30@yahoo.com> | 2020-08-22 07:29:58 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-08-22 07:29:58 -0400 |
commit | b481e3b6f1173f1517d170d4e26bfdd0931ade36 (patch) | |
tree | 3dc515a2216e88fccc3cc7bbe2ee9a6d56994bb7 /src/firejail/main.c | |
parent | renamed /etc/apparmor.d/local/firejail-local to /etc/apparmor.d/local/firejai... (diff) | |
cleaning up POSTMORTEM code
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 60 |
1 files changed, 0 insertions, 60 deletions
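--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -153,15 +153,6 @@ int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
 int login_shell = 0;
 
-//**********************************************************************************
-// work in progress!!!
-//**********************************************************************************
-//#define POSTMORTEM
-#ifdef POSTMORTEM
-#include <grp.h>
-pid_t pm_child = 0;
-#endif
-
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
 
@@ -196,19 +187,6 @@ static void my_handler(int s) {
 fmessage("\nParent received signal %d, shutting down the child process...\n", s);
 logsignal(s);
 
-#ifdef POSTMORTEM
-printf("attempt to kill %d\n", pm_child);
-if (pm_child) {
-if (waitpid(pm_child, NULL, WNOHANG) == 0) {
-if (has_handler(pm_child, s)) // signals are not delivered if there is no handler yet
-kill(pm_child, s);
-else
-kill(pm_child, SIGKILL);
-waitpid(pm_child, NULL, 0);
-}
-}
-#endif
-
 if (waitpid(child, NULL, WNOHANG) == 0) {
 if (has_handler(child, s)) // signals are not delivered if there is no handler yet
 kill(child, s);
@@ -3071,44 +3049,6 @@ int main(int argc, char **argv, char **envp) {
 }
 EUID_USER();
 
-
-#ifdef POSTMORTEM
-pm_child = fork();
-if (pm_child == -1)
-fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
-else if (pm_child == 0) {
-// running --join as root
-EUID_ROOT();
-int rv = setgroups(0, NULL);
-rv |= setuid(0);
-rv |= setgid(0);
-if (rv) {
-fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
-exit(1);
-}
-
-prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
-/*problem???*/ sleep(1); // we need to give the sandbox some time to start the namespaces
-char *joincmd;
-if (asprintf(&joincmd, "--join-network=%d", child) == -1)
-errExit("asprintf");
-
-// we join only the network ns, the filesystem is intact so we can find tcpdump
-char *arg[] = {
-"/usr/bin/firejail",
-joincmd,
-"/usr/sbin/tcpdump",
-"-n",
-"-q",
-NULL
-};
-execvp(arg[0], arg);
-assert(0);
-printf("**********************************\n");
-exit(1);
-}
-#endif
-
 int status = 0;
 //*****************************
 // following code is signal-safe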