0.9.38.4 testing0.9.38.4

author: netblue30 <netblue30@yahoo.com> 2016-10-10 08:30:54 -0400
committer: netblue30 <netblue30@yahoo.com> 2016-10-10 08:30:54 -0400
commit: 19302eb4a3f6d8594f87019018a434439ff4bde4 (patch)
tree: 1fe5ba70eaf958588ba6e0bb8b81179ae7b18bd5 /src
parent: github (diff)
download: firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.tar.gz
firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.tar.zst
firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.zip
5 files changed, 25 insertions, 25 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 5104bd688..759569cb4 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -358,6 +358,7 @@ const char *gnu_basename(const char *path);
 uid_t pid_get_uid(pid_t pid);
 void invalid_filename(const char *fname);
 int remove_directory(const char *path);
+void flush_stdin(void);
 // fs_var.c
 void fs_var_log(void);  // mounting /var/log
diff --git a/src/firejail/join.c b/src/firejail/join.c
index b05e25387..575baf71e 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -29,6 +29,12 @@ static uint64_t caps = 0;
 static int apply_seccomp = 0;
 #define BUFLEN 4096
+static void signal_handler(int sig){
+        flush_stdin();
+        exit(sig);
+}
 static void extract_command(int argc, char **argv, int index) {
        if (index >= argc)
                return;
@@ -194,6 +200,7 @@ void join_name(const char *name, const char *homedir, int argc, char **argv, int
 void join(pid_t pid, const char *homedir, int argc, char **argv, int index) {
        extract_command(argc, argv, index);
+        signal (SIGTERM, signal_handler);
        // if the pid is that of a firejail  process, use the pid of the first child process
        char *comm = pid_proc_comm(pid);
@@ -388,6 +395,7 @@ void join(pid_t pid, const char *homedir, int argc, char **argv, int index) {
        // wait for the child to finish
        waitpid(child, NULL, 0);
+        flush_stdin();
        exit(0);
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b945f504b..9e2aec4d5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -111,6 +111,7 @@ static void myexit(int rv) {
        bandwidth_shm_del_file(sandbox_pid);            // bandwidth file
        network_shm_del_file(sandbox_pid);              // network map file
        
+        flush_stdin();
        exit(rv); 
 }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 9cb97187e..fc93e1eef 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -171,31 +171,6 @@ static void monitor_application(pid_t app_pid) {
                        printf("Sandbox monitor: monitoring %u\n", app_pid);
        }
-#if 0
-// todo: find a way to shut down interfaces before closing the namespace
-// the problem is we don't have enough privileges to shutdown interfaces in this moment
-        // shut down bridge/macvlan interfaces
-        if (any_bridge_configured()) {
-                
-                if (cfg.bridge0.configured) {
-                        printf("Shutting down %s\n", cfg.bridge0.devsandbox);
-                        net_if_down( cfg.bridge0.devsandbox);
-                }
-                if (cfg.bridge1.configured) {
-                        printf("Shutting down %s\n", cfg.bridge1.devsandbox);
-                        net_if_down( cfg.bridge1.devsandbox);
-                }
-                if (cfg.bridge2.configured) {
-                        printf("Shutting down %s\n", cfg.bridge2.devsandbox);
-                        net_if_down( cfg.bridge2.devsandbox);
-                }
-                if (cfg.bridge3.configured) {
-                        printf("Shutting down %s\n", cfg.bridge3.devsandbox);
-                        net_if_down( cfg.bridge3.devsandbox);
-                }
-                usleep(20000);  // 20 ms sleep
-        }       
-#endif  
 }
@@ -672,6 +647,7 @@ int sandbox(void* sandbox_arg) {
        }
        monitor_application(app_pid);   // monitor application
+        flush_stdin();
        
        return 0;
 }
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 7b871ae0d..9c2caaf74 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -25,6 +25,8 @@
 #include <dirent.h>
 #include <grp.h>
 #include <ftw.h>
+#include <sys/ioctl.h>
+#include <termios.h>
 #define MAX_GROUPS 1024
 // drop privileges
@@ -641,3 +643,15 @@ int remove_directory(const char *path) {
        // FTW_PHYS - do not follow symbolic links
        return nftw(path, remove_callback, 64, FTW_DEPTH | FTW_PHYS);
 }
+void flush_stdin(void) {
+        if (isatty(STDIN_FILENO)) {
+                int cnt = 0;
+                ioctl(STDIN_FILENO, FIONREAD, &cnt);
+                if (cnt) {
+                        if (!arg_quiet)
+                                printf("Warning: removing %d bytes from stdin\n", cnt);
+                        ioctl(STDIN_FILENO, TCFLSH, TCIFLUSH);
+                }
+        }
+}
author	netblue30 <netblue30@yahoo.com>	2016-10-10 08:30:54 -0400
committer	netblue30 <netblue30@yahoo.com>	2016-10-10 08:30:54 -0400
commit	19302eb4a3f6d8594f87019018a434439ff4bde4 (patch)
tree	1fe5ba70eaf958588ba6e0bb8b81179ae7b18bd5 /src
parent	github (diff)
download	firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.tar.gz firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.tar.zst firejail-19302eb4a3f6d8594f87019018a434439ff4bde4.zip