author | netblue30 <netblue30@yahoo.com> | 2019-12-15 14:19:58 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-12-15 14:19:58 -0500 |
commit | a6b675f56ad9e70421cc34fca90142e9f42604b1 (patch) | |
tree | ae8ebeef5122061007b593fea7b2dcc7031f1f89 /src | |
parent | small fix (diff) | |
postmortem: playing around
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 60 |
1 files changed, 60 insertions, 0 deletions
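diff --git a/src/firejail/main.c b/src/firejail/main.c
index e711a59fb..179f8ddf9 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -145,6 +145,14 @@ int arg_nou2f = 0; // --nou2f
 int arg_deterministic_exit_code = 0; // always exit with first child's exit status
 int login_shell = 0;
 
+//**********************************************************************************
+// work in progress!!!
+//**********************************************************************************
+//#define POSTMORTEM
+#ifdef POSTMORTEM
+#include <grp.h>
+pid_t pm_child = 0;
+#endif
 
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -178,6 +186,20 @@ static void myexit(int rv) {
 static void my_handler(int s) {
 	fmessage("\nParent received signal %d, shutting down the child process...\n", s);
 	logsignal(s);
+
+#ifdef POSTMORTEM
+	printf("attempt to kill %d\n", pm_child);
+	if (pm_child) {
+		if (waitpid(pm_child, NULL, WNOHANG) == 0) {
+			if (has_handler(pm_child, s)) // signals are not delivered if there is no handler yet
+				kill(pm_child, s);
+			else
+				kill(pm_child, SIGKILL);
+			waitpid(pm_child, NULL, 0);
+		}
+	}
+#endif
+
 	if (waitpid(child, NULL, WNOHANG) == 0) {
 		if (has_handler(child, s)) // signals are not delivered if there is no handler yet
 			kill(child, s);
@@ -2728,6 +2750,44 @@ int main(int argc, char **argv) {
 	}
 	EUID_USER();
 
+
+#ifdef POSTMORTEM
+	pm_child = fork();
+	if (pm_child == -1)
+		fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
+	else if (pm_child == 0) {
+		// running --join as root
+		EUID_ROOT();
+		int rv = setgroups(0, NULL);
+		rv |= setuid(0);
+		rv |= setgid(0);
+		if (rv) {
+			fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
+			exit(1);
+		}
+
+		prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+		/*problem???*/ sleep(1); // we need to give the sandbox some time to start the namespaces
+		char *joincmd;
+		if (asprintf(&joincmd, "--join-network=%d", child) == -1)
+			errExit("asprintf");
+
+		// we join only the network ns, the filesystem is intact so we can find tcpdump
+		char *arg[] = {
+			"/usr/bin/firejail",
+			joincmd,
+			"/usr/sbin/tcpdump",
+			"-n",
+			"-q",
+			NULL
+		};
+		execvp(arg[0], arg);
+		assert(0);
+		printf("**********************************\n");
+		exit(1);
+	}
+#endif
+
 	int status = 0;
 	//*****************************
 	// following code is signal-safe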
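Review bot: The POSTMORTEM child becomes full root at `setgroups(0, NULL)` / `setuid(0)` / `setgid(0)` (real uid, not just effective) before the `execvp`, so tcpdump — which then parses untrusted packets captured from the sandbox — runs as uid 0 in the host mount namespace, and the only exec-failure handling is `assert(0)`, which aborts (and may core-dump) a root process or, under NDEBUG, falls through to the `printf`. Consider replacing the `assert(0)` line with `errExit("execvp");`, which this hunk already uses after `asprintf`, and passing tcpdump its `-Z <user>` option so the capture process does not stay root once the socket is open. The `sleep(1)` marked `/*problem???*/` is a timing guess rather than a synchronization with the sandbox's namespace setup; if `child` has not created its network namespace by then the join presumably fails or attaches to the wrong state, so a pipe/handshake from the sandbox side would be safer. In `my_handler`, the added `printf("attempt to kill %d\n", pm_child)` is not async-signal-safe, and `pm_child` is read from the handler but declared as a plain `pid_t` with no `volatile`. All of this sits behind `#ifdef POSTMORTEM` with the define commented out, so it is dead code today; both `main` and `my_handler` extend beyond the hunks shown.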