diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-04-12 07:46:11 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-04-12 07:46:11 -0400 |
| commit | bb4830eb7eb1a1345f13a8f2e8e21a524dda3049 (patch) | |
| tree | 4e4540c02d99eea2f478fe8abfee88603ffb2bd8 /src | |
| parent | xephyr window title (diff) | |
| download | firejail-bb4830eb7eb1a1345f13a8f2e8e21a524dda3049.tar.gz firejail-bb4830eb7eb1a1345f13a8f2e8e21a524dda3049.tar.zst firejail-bb4830eb7eb1a1345f13a8f2e8e21a524dda3049.zip | |
fixed sigterm forwarding
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/main.c | 7 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 33 |
2 files changed, 28 insertions, 12 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index d33a8740d..c183a7675 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -120,7 +120,7 @@ void clear_run_files(pid_t pid) { | |||
| 120 | static void myexit(int rv) { | 120 | static void myexit(int rv) { |
| 121 | logmsg("exiting..."); | 121 | logmsg("exiting..."); |
| 122 | if (!arg_command && !arg_quiet) | 122 | if (!arg_command && !arg_quiet) |
| 123 | printf("\nparent is shutting down, bye...\n"); | 123 | printf("\nParent is shutting down, bye...\n"); |
| 124 | 124 | ||
| 125 | 125 | ||
| 126 | // delete sandbox files in shared memory | 126 | // delete sandbox files in shared memory |
| @@ -133,9 +133,9 @@ static void myexit(int rv) { | |||
| 133 | static void my_handler(int s){ | 133 | static void my_handler(int s){ |
| 134 | EUID_ROOT(); | 134 | EUID_ROOT(); |
| 135 | if (!arg_quiet) | 135 | if (!arg_quiet) |
| 136 | printf("\nSignal %d caught, shutting down the child process\n", s); | 136 | printf("\nParent received signal %d, shutting down the child process...\n", s); |
| 137 | logsignal(s); | 137 | logsignal(s); |
| 138 | kill(child, SIGKILL); | 138 | kill(child, SIGTERM); |
| 139 | myexit(1); | 139 | myexit(1); |
| 140 | } | 140 | } |
| 141 | 141 | ||
| @@ -2097,7 +2097,6 @@ int main(int argc, char **argv) { | |||
| 2097 | EUID_USER(); | 2097 | EUID_USER(); |
| 2098 | int status = 0; | 2098 | int status = 0; |
| 2099 | waitpid(child, &status, 0); | 2099 | waitpid(child, &status, 0); |
| 2100 | printf("after wait\n"); | ||
| 2101 | 2100 | ||
| 2102 | // free globals | 2101 | // free globals |
| 2103 | #ifdef HAVE_SECCOMP | 2102 | #ifdef HAVE_SECCOMP |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 22e23d148..70a356058 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -34,6 +34,20 @@ | |||
| 34 | #define CLONE_NEWUSER 0x10000000 | 34 | #define CLONE_NEWUSER 0x10000000 |
| 35 | #endif | 35 | #endif |
| 36 | 36 | ||
| 37 | static monitored_pid = 0; | ||
| 38 | static void sandbox_handler(int s){ | ||
| 39 | if (!arg_quiet) | ||
| 40 | printf("\nChild received signal %d, shutting down the sandbox...\n", s); | ||
| 41 | if (monitored_pid) { | ||
| 42 | kill(monitored_pid, SIGTERM); | ||
| 43 | sleep(1); | ||
| 44 | kill(monitored_pid, SIGKILL); | ||
| 45 | } | ||
| 46 | |||
| 47 | exit(s); | ||
| 48 | } | ||
| 49 | |||
| 50 | |||
| 37 | static void set_caps(void) { | 51 | static void set_caps(void) { |
| 38 | if (arg_caps_drop_all) | 52 | if (arg_caps_drop_all) |
| 39 | caps_drop_all(); | 53 | caps_drop_all(); |
| @@ -131,13 +145,15 @@ static void chk_chroot(void) { | |||
| 131 | } | 145 | } |
| 132 | 146 | ||
| 133 | static int monitor_application(pid_t app_pid) { | 147 | static int monitor_application(pid_t app_pid) { |
| 148 | monitored_pid = app_pid; | ||
| 149 | signal (SIGTERM, sandbox_handler); | ||
| 134 | EUID_USER(); | 150 | EUID_USER(); |
| 135 | 151 | ||
| 136 | int status; | 152 | int status; |
| 137 | while (app_pid) { | 153 | while (monitored_pid) { |
| 138 | usleep(20000); | 154 | usleep(20000); |
| 139 | char *msg; | 155 | char *msg; |
| 140 | if (asprintf(&msg, "monitoring pid %d\n", app_pid) == -1) | 156 | if (asprintf(&msg, "monitoring pid %d\n", monitored_pid) == -1) |
| 141 | errExit("asprintf"); | 157 | errExit("asprintf"); |
| 142 | logmsg(msg); | 158 | logmsg(msg); |
| 143 | free(msg); | 159 | free(msg); |
| @@ -148,9 +164,9 @@ static int monitor_application(pid_t app_pid) { | |||
| 148 | if (rv == -1) | 164 | if (rv == -1) |
| 149 | break; | 165 | break; |
| 150 | } | 166 | } |
| 151 | while(rv != app_pid); | 167 | while(rv != monitored_pid); |
| 152 | if (arg_debug) | 168 | if (arg_debug) |
| 153 | printf("Sandbox monitor: waitpid %u retval %d status %d\n", app_pid, rv, status); | 169 | printf("Sandbox monitor: waitpid %u retval %d status %d\n", monitored_pid, rv, status); |
| 154 | 170 | ||
| 155 | DIR *dir; | 171 | DIR *dir; |
| 156 | if (!(dir = opendir("/proc"))) { | 172 | if (!(dir = opendir("/proc"))) { |
| @@ -163,7 +179,7 @@ static int monitor_application(pid_t app_pid) { | |||
| 163 | } | 179 | } |
| 164 | 180 | ||
| 165 | struct dirent *entry; | 181 | struct dirent *entry; |
| 166 | app_pid = 0; | 182 | monitored_pid = 0; |
| 167 | while ((entry = readdir(dir)) != NULL) { | 183 | while ((entry = readdir(dir)) != NULL) { |
| 168 | unsigned pid; | 184 | unsigned pid; |
| 169 | if (sscanf(entry->d_name, "%u", &pid) != 1) | 185 | if (sscanf(entry->d_name, "%u", &pid) != 1) |
| @@ -180,14 +196,15 @@ static int monitor_application(pid_t app_pid) { | |||
| 180 | free(pidname); | 196 | free(pidname); |
| 181 | } | 197 | } |
| 182 | 198 | ||
| 183 | app_pid = pid; | 199 | monitored_pid = pid; |
| 184 | break; | 200 | break; |
| 185 | } | 201 | } |
| 186 | closedir(dir); | 202 | closedir(dir); |
| 187 | 203 | ||
| 188 | if (app_pid != 0 && arg_debug) | 204 | if (monitored_pid != 0 && arg_debug) |
| 189 | printf("Sandbox monitor: monitoring %u\n", app_pid); | 205 | printf("Sandbox monitor: monitoring %u\n", monitored_pid); |
| 190 | } | 206 | } |
| 207 | printf("blablabla\n"); | ||
| 191 | 208 | ||
| 192 | // return the latest exit status. | 209 | // return the latest exit status. |
| 193 | return status; | 210 | return status; |