author | netblue30 <netblue30@yahoo.com> | 2016-04-12 07:46:11 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-12 07:46:11 -0400 |
commit | bb4830eb7eb1a1345f13a8f2e8e21a524dda3049 (patch) | |
tree | 4e4540c02d99eea2f478fe8abfee88603ffb2bd8 /src | |
parent | xephyr window title (diff) | |
fixed sigterm forwarding
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 7 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 33 |
2 files changed, 28 insertions, 12 deletions
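diff --git a/src/firejail/main.c b/src/firejail/main.c
index d33a8740d..c183a7675 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -120,7 +120,7 @@ void clear_run_files(pid_t pid) {
 static void myexit(int rv) {
 logmsg("exiting...");
 if (!arg_command && !arg_quiet)
-printf("\nparent is shutting down, bye...\n");
+printf("\nParent is shutting down, bye...\n");
 
 
 // delete sandbox files in shared memory
@@ -133,9 +133,9 @@ static void myexit(int rv) {
 static void my_handler(int s){
 EUID_ROOT();
 if (!arg_quiet)
-printf("\nSignal %d caught, shutting down the child process\n", s);
+printf("\nParent received signal %d, shutting down the child process...\n", s);
 logsignal(s);
-kill(child, SIGKILL);
+kill(child, SIGTERM);
 myexit(1);
 }
 
@@ -2097,7 +2097,6 @@ int main(int argc, char **argv) {
 EUID_USER();
 int status = 0;
 waitpid(child, &status, 0);
-printf("after wait\n");
 
 // free globals
 #ifdef HAVE_SECCOMP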
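Review bot: In my_handler the parent now forwards SIGTERM to the child but calls myexit(1) immediately after the kill() without reaping it, so the cleanup myexit performs (the first hunk's comment says it deletes the sandbox files in shared memory) races with a child that may still be shutting down, and the unconditional SIGKILL the old code sent is gone with no fallback if the child ignores or is slow to act on SIGTERM. Consider waiting before tearing down, e.g. `kill(child, SIGTERM);` followed by `waitpid(child, NULL, 0);`, with an alarm-bounded escalation to SIGKILL if the wait must be bounded. The handler also calls printf() and logsignal() from signal context, which are not async-signal-safe; this predates the commit, but a `// NOTE: not async-signal-safe; consider write(2)` comment would at least flag it. myexit's body and main() continue outside these hunks.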
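diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 22e23d148..70a356058 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -34,6 +34,20 @@
 #define CLONE_NEWUSER 0x10000000
 #endif
 
+static monitored_pid = 0;
+static void sandbox_handler(int s){
+if (!arg_quiet)
+printf("\nChild received signal %d, shutting down the sandbox...\n", s);
+if (monitored_pid) {
+kill(monitored_pid, SIGTERM);
+sleep(1);
+kill(monitored_pid, SIGKILL);
+}
+
+exit(s);
+}
+
+
 static void set_caps(void) {
 if (arg_caps_drop_all)
 caps_drop_all();
@@ -131,13 +145,15 @@ static void chk_chroot(void) {
 }
 
 static int monitor_application(pid_t app_pid) {
+monitored_pid = app_pid;
+signal (SIGTERM, sandbox_handler);
 EUID_USER();
 
 int status;
-while (app_pid) {
+while (monitored_pid) {
 usleep(20000);
 char *msg;
-if (asprintf(&msg, "monitoring pid %d\n", app_pid) == -1)
+if (asprintf(&msg, "monitoring pid %d\n", monitored_pid) == -1)
 errExit("asprintf");
 logmsg(msg);
 free(msg);
@@ -148,9 +164,9 @@ static int monitor_application(pid_t app_pid) {
 if (rv == -1)
 break;
 }
-while(rv != app_pid);
+while(rv != monitored_pid);
 if (arg_debug)
-printf("Sandbox monitor: waitpid %u retval %d status %d\n", app_pid, rv, status);
+printf("Sandbox monitor: waitpid %u retval %d status %d\n", monitored_pid, rv, status);
 
 DIR *dir;
 if (!(dir = opendir("/proc"))) {
@@ -163,7 +179,7 @@ static int monitor_application(pid_t app_pid) {
 }
 
 struct dirent *entry;
-app_pid = 0;
+monitored_pid = 0;
 while ((entry = readdir(dir)) != NULL) {
 unsigned pid;
 if (sscanf(entry->d_name, "%u", &pid) != 1)
@@ -180,14 +196,15 @@ static int monitor_application(pid_t app_pid) {
 free(pidname);
 }
 
-app_pid = pid;
+monitored_pid = pid;
 break;
 }
 closedir(dir);
 
-if (app_pid != 0 && arg_debug)
-printf("Sandbox monitor: monitoring %u\n", app_pid);
+if (monitored_pid != 0 && arg_debug)
+printf("Sandbox monitor: monitoring %u\n", monitored_pid);
 }
+printf("blablabla\n");
 
 // return the latest exit status.
 return status;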
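Review bot: `static monitored_pid = 0;` in the first hunk declares the variable with no type (an implicit `int`, rejected by C99 and later), and since it is written by the monitor loop in the later hunks and read inside a signal handler it should be `static volatile pid_t monitored_pid = 0;` so the compiler cannot cache it across the asynchronous access. sandbox_handler calls printf(), sleep() and exit() from signal context; none of these are async-signal-safe and exit() runs atexit handlers and stdio flushing in a process that may be interrupted mid-write, so `_exit(s)` (and write(2) for the message) would be safer, or at least a `// NOTE: not async-signal-safe` comment. The unconditional `printf("blablabla\n");` added in the last hunk looks like a debug leftover and will appear on the sandbox's stdout every time the monitored application exits; remove it or guard it with `if (arg_debug)`. Because the /proc rescan zeroes monitored_pid before searching for a successor, a SIGTERM arriving during that window makes the handler skip the kill entirely and exit, leaving any re-parented process running — an inherited race, but more visible now that the handler depends on the variable. monitor_application's closing brace lies outside the last hunk.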