cleaning up POSTMORTEM code

author: netblue30 <netblue30@yahoo.com> 2020-08-22 07:29:58 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-08-22 07:29:58 -0400
commit: b481e3b6f1173f1517d170d4e26bfdd0931ade36 (patch)
tree: 3dc515a2216e88fccc3cc7bbe2ee9a6d56994bb7 /src/firejail
parent: renamed /etc/apparmor.d/local/firejail-local to /etc/apparmor.d/local/firejai... (diff)
download: firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.tar.gz
firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.tar.zst
firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.zip
1 files changed, 0 insertions, 60 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b9cb43444..4c98210f5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -153,15 +153,6 @@ int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
 int login_shell = 0;
-//**********************************************************************************
-// work in progress!!!
-//**********************************************************************************
-//#define POSTMORTEM
-#ifdef POSTMORTEM
-#include <grp.h>
-pid_t pm_child = 0;
-#endif
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -196,19 +187,6 @@ static void my_handler(int s) {
        fmessage("\nParent received signal %d, shutting down the child process...\n", s);
        logsignal(s);
-#ifdef POSTMORTEM
-printf("attempt to kill %d\n", pm_child);
-        if (pm_child) {
-                if (waitpid(pm_child, NULL, WNOHANG) == 0) {
-                        if (has_handler(pm_child, s)) // signals are not delivered if there is no handler yet
-                                kill(pm_child, s);
-                        else
-                                kill(pm_child, SIGKILL);
-                        waitpid(pm_child, NULL, 0);
-                }
-        }
-#endif
        if (waitpid(child, NULL, WNOHANG) == 0) {
                if (has_handler(child, s)) // signals are not delivered if there is no handler yet
                        kill(child, s);
@@ -3071,44 +3049,6 @@ int main(int argc, char **argv, char **envp) {
        }
        EUID_USER();
-#ifdef POSTMORTEM
-        pm_child = fork();
-        if (pm_child == -1)
-                fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
-        else if (pm_child == 0) {
-                // running --join as root
-                EUID_ROOT();
-                int rv = setgroups(0, NULL);
-                rv |= setuid(0);
-                rv |= setgid(0);
-                if (rv) {
-                        fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
-                        exit(1);
-                }
-                prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
-/*problem???*/  sleep(1); // we need to give the sandbox some time to start the namespaces
-                char *joincmd;
-                if (asprintf(&joincmd, "--join-network=%d", child) == -1)
-                        errExit("asprintf");
-                // we join only the network ns, the filesystem is intact so we can find tcpdump
-                char *arg[] =  {
-                        "/usr/bin/firejail",
-                        joincmd,
-                        "/usr/sbin/tcpdump",
-                        "-n",
-                        "-q",
-                        NULL
-                };
-                execvp(arg[0], arg);
-                assert(0);
-printf("**********************************\n");
-                exit(1);
-        }
-#endif
        int status = 0;
        //*****************************
        // following code is signal-safe
author	netblue30 <netblue30@yahoo.com>	2020-08-22 07:29:58 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-08-22 07:29:58 -0400
commit	b481e3b6f1173f1517d170d4e26bfdd0931ade36 (patch)
tree	3dc515a2216e88fccc3cc7bbe2ee9a6d56994bb7 /src/firejail
parent	renamed /etc/apparmor.d/local/firejail-local to /etc/apparmor.d/local/firejai... (diff)
download	firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.tar.gz firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.tar.zst firejail-b481e3b6f1173f1517d170d4e26bfdd0931ade36.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index b9cb43444..4c98210f5 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -153,15 +153,6 @@ int arg_dbus_log_user = 0;
153	int arg_dbus_log_system = 0;	153	int arg_dbus_log_system = 0;
154	int login_shell = 0;	154	int login_shell = 0;
155		155
156	//**********************************************************************************
157	// work in progress!!!
158	//**********************************************************************************
159	//#define POSTMORTEM
160	#ifdef POSTMORTEM
161	#include <grp.h>
162	pid_t pm_child = 0;
163	#endif
164
165	int parent_to_child_fds[2];	156	int parent_to_child_fds[2];
166	int child_to_parent_fds[2];	157	int child_to_parent_fds[2];
167		158
@@ -196,19 +187,6 @@ static void my_handler(int s) {
196	fmessage("\nParent received signal %d, shutting down the child process...\n", s);	187	fmessage("\nParent received signal %d, shutting down the child process...\n", s);
197	logsignal(s);	188	logsignal(s);
198		189
199	#ifdef POSTMORTEM
200	printf("attempt to kill %d\n", pm_child);
201	if (pm_child) {
202	if (waitpid(pm_child, NULL, WNOHANG) == 0) {
203	if (has_handler(pm_child, s)) // signals are not delivered if there is no handler yet
204	kill(pm_child, s);
205	else
206	kill(pm_child, SIGKILL);
207	waitpid(pm_child, NULL, 0);
208	}
209	}
210	#endif
211
212	if (waitpid(child, NULL, WNOHANG) == 0) {	190	if (waitpid(child, NULL, WNOHANG) == 0) {
213	if (has_handler(child, s)) // signals are not delivered if there is no handler yet	191	if (has_handler(child, s)) // signals are not delivered if there is no handler yet
214	kill(child, s);	192	kill(child, s);
@@ -3071,44 +3049,6 @@ int main(int argc, char argv, char envp) {
3071	}	3049	}
3072	EUID_USER();	3050	EUID_USER();
3073		3051
3074
3075	#ifdef POSTMORTEM
3076	pm_child = fork();
3077	if (pm_child == -1)
3078	fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
3079	else if (pm_child == 0) {
3080	// running --join as root
3081	EUID_ROOT();
3082	int rv = setgroups(0, NULL);
3083	rv \|= setuid(0);
3084	rv \|= setgid(0);
3085	if (rv) {
3086	fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
3087	exit(1);
3088	}
3089
3090	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
3091	/problem???/ sleep(1); // we need to give the sandbox some time to start the namespaces
3092	char *joincmd;
3093	if (asprintf(&joincmd, "--join-network=%d", child) == -1)
3094	errExit("asprintf");
3095
3096	// we join only the network ns, the filesystem is intact so we can find tcpdump
3097	char *arg[] = {
3098	"/usr/bin/firejail",
3099	joincmd,
3100	"/usr/sbin/tcpdump",
3101	"-n",
3102	"-q",
3103	NULL
3104	};
3105	execvp(arg[0], arg);
3106	assert(0);
3107	printf("**********************************\n");
3108	exit(1);
3109	}
3110	#endif
3111
3112	int status = 0;	3052	int status = 0;
3113	//*****************************	3053	//*****************************
3114	// following code is signal-safe	3054	// following code is signal-safe