diff options
author | smitsohu <smitsohu@gmail.com> | 2019-01-20 01:10:25 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-01-20 01:10:25 +0100 |
commit | 2a21f8a4378ace6ca4a221c5a0910bf1f76b891d (patch) | |
tree | eedd3deffbefaad4421ade8111d016046dc00fb4 /src | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.tar.gz firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.tar.zst firejail-2a21f8a4378ace6ca4a221c5a0910bf1f76b891d.zip |
rearrange shutdown option
in order to run it with reduced privileges
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/shutdown.c | 26 |
1 files changed, 9 insertions, 17 deletions
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index be20cd353..743a256a4 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c | |||
@@ -26,20 +26,11 @@ | |||
26 | void shut(pid_t pid) { | 26 | void shut(pid_t pid) { |
27 | EUID_ASSERT(); | 27 | EUID_ASSERT(); |
28 | 28 | ||
29 | pid_t parent = pid; | ||
30 | // if the pid is that of a firejail process, use the pid of a child process inside the sandbox | ||
31 | EUID_ROOT(); | 29 | EUID_ROOT(); |
32 | char *comm = pid_proc_comm(pid); | 30 | char *comm = pid_proc_comm(pid); |
33 | EUID_USER(); | 31 | EUID_USER(); |
34 | if (comm) { | 32 | if (comm) { |
35 | if (strcmp(comm, "firejail") == 0) { | 33 | if (strcmp(comm, "firejail") != 0) { |
36 | pid_t child; | ||
37 | if (find_child(pid, &child) == 0) { | ||
38 | pid = child; | ||
39 | printf("Switching to pid %u, the first child process inside the sandbox\n", (unsigned) pid); | ||
40 | } | ||
41 | } | ||
42 | else { | ||
43 | fprintf(stderr, "Error: this is not a firejail sandbox\n"); | 34 | fprintf(stderr, "Error: this is not a firejail sandbox\n"); |
44 | exit(1); | 35 | exit(1); |
45 | } | 36 | } |
@@ -58,7 +49,6 @@ void shut(pid_t pid) { | |||
58 | } | 49 | } |
59 | } | 50 | } |
60 | 51 | ||
61 | EUID_ROOT(); | ||
62 | printf("Sending SIGTERM to %u\n", pid); | 52 | printf("Sending SIGTERM to %u\n", pid); |
63 | kill(pid, SIGTERM); | 53 | kill(pid, SIGTERM); |
64 | 54 | ||
@@ -94,14 +84,16 @@ void shut(pid_t pid) { | |||
94 | 84 | ||
95 | // force SIGKILL | 85 | // force SIGKILL |
96 | if (!killdone) { | 86 | if (!killdone) { |
97 | // kill the process and also the parent | 87 | // kill the process and its child |
88 | pid_t child; | ||
89 | if (find_child(pid, &child) == 0) { | ||
90 | printf("Sending SIGKILL to %u\n", child); | ||
91 | kill(child, SIGKILL); | ||
92 | } | ||
98 | printf("Sending SIGKILL to %u\n", pid); | 93 | printf("Sending SIGKILL to %u\n", pid); |
99 | kill(pid, SIGKILL); | 94 | kill(pid, SIGKILL); |
100 | if (parent != pid) { | ||
101 | printf("Sending SIGKILL to %u\n", parent); | ||
102 | kill(parent, SIGKILL); | ||
103 | } | ||
104 | } | 95 | } |
105 | 96 | ||
106 | delete_run_files(parent); | 97 | EUID_ROOT(); |
98 | delete_run_files(pid); | ||
107 | } | 99 | } |