wait up to 10 seconds for sandbox shutdown

author: netblue30 <netblue30@yahoo.com> 2016-04-13 20:47:18 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-04-13 20:47:18 -0400
commit: c85acb7ba71b153806632256b511b915b872c5bc (patch)
tree: 0b7d6a11cde99266be994fd319b6edaa4ccd21cf /src/firejail/shutdown.c
parent: profile fixes (diff)
download: firejail-c85acb7ba71b153806632256b511b915b872c5bc.tar.gz
firejail-c85acb7ba71b153806632256b511b915b872c5bc.tar.zst
firejail-c85acb7ba71b153806632256b511b915b872c5bc.zip
1 files changed, 38 insertions, 18 deletions
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c
index 94ca0a816..8d8035bfb 100644
--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -77,26 +77,46 @@ void shut(pid_t pid) {
        EUID_ROOT();
        printf("Sending SIGTERM to %u\n", pid);
        kill(pid, SIGTERM);
-        sleep(2);
        
-        // if the process is still running, terminate it using SIGKILL
+        // wait for not more than 10 seconds
-        // try to open stat file
+        sleep(2);
-        char *file;
+        int monsec = 8;
-        if (asprintf(&file, "/proc/%u/status", pid) == -1) {
+        char *monfile;
-                perror("asprintf");
+        if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
-                exit(1);
+                errExit("asprintf");
+        int killdone = 0;
+        while (monsec) {
+                FILE *fp = fopen(monfile, "r");
+                if (!fp) {
+                        killdone = 1;
+                        break;
+                }
+                
+                char c;
+                size_t count = fread(&c, 1, 1, fp);
+                fclose(fp);
+                if (count == 0) {
+                        // all done
+                        killdone = 1;
+                        break;
+                }
+                sleep(1);
+                monsec--;
        }
-        FILE *fp = fopen(file, "r");
+        free(monfile);
-        if (!fp)
-                return;
-        fclose(fp);
+        // force SIGKILL
-        
+        if (!killdone) {
-        // kill the process and also the parent
+                // kill the process and also the parent
-        printf("Sending SIGKILL to %u\n", pid);
+                printf("Sending SIGKILL to %u\n", pid);
-        kill(pid, SIGKILL);
+                kill(pid, SIGKILL);
-        if (parent != pid) {
+                if (parent != pid) {
-                printf("Sending SIGKILL to %u\n", parent);
+                        printf("Sending SIGKILL to %u\n", parent);
-                kill(parent, SIGKILL);
+                        kill(parent, SIGKILL);
+                }
        }
        
        clear_run_files(parent);
author	netblue30 <netblue30@yahoo.com>	2016-04-13 20:47:18 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-04-13 20:47:18 -0400
commit	c85acb7ba71b153806632256b511b915b872c5bc (patch)
tree	0b7d6a11cde99266be994fd319b6edaa4ccd21cf /src/firejail/shutdown.c
parent	profile fixes (diff)
download	firejail-c85acb7ba71b153806632256b511b915b872c5bc.tar.gz firejail-c85acb7ba71b153806632256b511b915b872c5bc.tar.zst firejail-c85acb7ba71b153806632256b511b915b872c5bc.zip

diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index 94ca0a816..8d8035bfb 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c
@@ -77,26 +77,46 @@ void shut(pid_t pid) {
77	EUID_ROOT();	77	EUID_ROOT();
78	printf("Sending SIGTERM to %u\n", pid);	78	printf("Sending SIGTERM to %u\n", pid);
79	kill(pid, SIGTERM);	79	kill(pid, SIGTERM);
80	sleep(2);
81		80
82	// if the process is still running, terminate it using SIGKILL	81	// wait for not more than 10 seconds
83	// try to open stat file	82	sleep(2);
84	char *file;	83	int monsec = 8;
85	if (asprintf(&file, "/proc/%u/status", pid) == -1) {	84	char *monfile;
86	perror("asprintf");	85	if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
87	exit(1);	86	errExit("asprintf");
		87	int killdone = 0;
		88
		89	while (monsec) {
		90	FILE *fp = fopen(monfile, "r");
		91	if (!fp) {
		92	killdone = 1;
		93	break;
		94	}
		95
		96	char c;
		97	size_t count = fread(&c, 1, 1, fp);
		98	fclose(fp);
		99	if (count == 0) {
		100	// all done
		101	killdone = 1;
		102	break;
		103	}
		104
		105	sleep(1);
		106	monsec--;
88	}	107	}
89	FILE *fp = fopen(file, "r");	108	free(monfile);
90	if (!fp)	109
91	return;	110
92	fclose(fp);	111	// force SIGKILL
93		112	if (!killdone) {
94	// kill the process and also the parent	113	// kill the process and also the parent
95	printf("Sending SIGKILL to %u\n", pid);	114	printf("Sending SIGKILL to %u\n", pid);
96	kill(pid, SIGKILL);	115	kill(pid, SIGKILL);
97	if (parent != pid) {	116	if (parent != pid) {
98	printf("Sending SIGKILL to %u\n", parent);	117	printf("Sending SIGKILL to %u\n", parent);
99	kill(parent, SIGKILL);	118	kill(parent, SIGKILL);
		119	}
100	}	120	}
101		121
102	clear_run_files(parent);	122	clear_run_files(parent);