From b481e3b6f1173f1517d170d4e26bfdd0931ade36 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 22 Aug 2020 07:29:58 -0400
Subject: cleaning up POSTMORTEM code
---
 src/firejail/main.c | 60 -----------------------------------------------------
 1 file changed, 60 deletions(-)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b9cb43444..4c98210f5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -153,15 +153,6 @@ int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
 int login_shell = 0;
-//**********************************************************************************
-// work in progress!!!
-//**********************************************************************************
-//#define POSTMORTEM
-#ifdef POSTMORTEM
-#include
-pid_t pm_child = 0;
-#endif
-
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -196,19 +187,6 @@ static void my_handler(int s) {
 fmessage("\nParent received signal %d, shutting down the child process...\n", s);
 logsignal(s);
-#ifdef POSTMORTEM
-printf("attempt to kill %d\n", pm_child);
- if (pm_child) {
- if (waitpid(pm_child, NULL, WNOHANG) == 0) {
- if (has_handler(pm_child, s)) // signals are not delivered if there is no handler yet
- kill(pm_child, s);
- else
- kill(pm_child, SIGKILL);
- waitpid(pm_child, NULL, 0);
- }
- }
-#endif
-
 if (waitpid(child, NULL, WNOHANG) == 0) {
 if (has_handler(child, s)) // signals are not delivered if there is no handler yet
 kill(child, s);
@@ -3071,44 +3049,6 @@ int main(int argc, char **argv, char **envp) {
 }
 EUID_USER();
-
-#ifdef POSTMORTEM
- pm_child = fork();
- if (pm_child == -1)
- fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
- else if (pm_child == 0) {
- // running --join as root
- EUID_ROOT();
- int rv = setgroups(0, NULL);
- rv |= setuid(0);
- rv |= setgid(0);
- if (rv) {
- fprintf(stderr, "Error: cannot start POSTMORTEM process\n");
- exit(1);
- }
-
- prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
-/*problem???*/ sleep(1); // we need to give the sandbox some time to start the namespaces
- char *joincmd;
- if (asprintf(&joincmd, "--join-network=%d", child) == -1)
- errExit("asprintf");
-
- // we join only the network ns, the filesystem is intact so we can find tcpdump
- char *arg[] = {
- "/usr/bin/firejail",
- joincmd,
- "/usr/sbin/tcpdump",
- "-n",
- "-q",
- NULL
- };
- execvp(arg[0], arg);
- assert(0);
-printf("**********************************\n");
- exit(1);
- }
-#endif
-
 int status = 0;
 //*****************************
 // following code is signal-safe
--
cgit v1.2.3-54-g00ecf