From bb4830eb7eb1a1345f13a8f2e8e21a524dda3049 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 12 Apr 2016 07:46:11 -0400
Subject: fixed sigterm forwarding
---
 src/firejail/main.c | 7 +++----
 src/firejail/sandbox.c | 33 +++++++++++++++++++++++++--------
 2 files changed, 28 insertions(+), 12 deletions(-)
(limited to 'src')
diff --git a/src/firejail/main.c b/src/firejail/main.c
index d33a8740d..c183a7675 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -120,7 +120,7 @@ void clear_run_files(pid_t pid) {
 static void myexit(int rv) {
 logmsg("exiting...");
 if (!arg_command && !arg_quiet)
- printf("\nparent is shutting down, bye...\n");
+ printf("\nParent is shutting down, bye...\n");
 // delete sandbox files in shared memory
@@ -133,9 +133,9 @@ static void myexit(int rv) {
 static void my_handler(int s){
 EUID_ROOT();
 if (!arg_quiet)
- printf("\nSignal %d caught, shutting down the child process\n", s);
+ printf("\nParent received signal %d, shutting down the child process...\n", s);
 logsignal(s);
- kill(child, SIGKILL);
+ kill(child, SIGTERM);
 myexit(1);
 }
@@ -2097,7 +2097,6 @@ int main(int argc, char **argv) {
 EUID_USER();
 int status = 0;
 waitpid(child, &status, 0);
-printf("after wait\n");
 // free globals
 #ifdef HAVE_SECCOMP
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 22e23d148..70a356058 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -34,6 +34,20 @@
 #define CLONE_NEWUSER 0x10000000
 #endif
+static monitored_pid = 0;
+static void sandbox_handler(int s){
+ if (!arg_quiet)
+ printf("\nChild received signal %d, shutting down the sandbox...\n", s);
+ if (monitored_pid) {
+ kill(monitored_pid, SIGTERM);
+ sleep(1);
+ kill(monitored_pid, SIGKILL);
+ }
+
+ exit(s);
+}
+
+
 static void set_caps(void) {
 if (arg_caps_drop_all) caps_drop_all();
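Review bot: In `my_handler`, replacing SIGKILL with SIGTERM removes the only guaranteed termination of the child, while `myexit(1)` still runs immediately afterwards, so the parent cleans up its sandbox files and exits while the sandbox may still be alive. The child installs its SIGTERM handler only once `monitor_application()` in sandbox.c runs, so a signal arriving earlier gets the default disposition, and if the child is the init process of a PID namespace (not visible on this page) it may be dropped entirely. I would keep SIGKILL as a bounded fallback: after `kill(child, SIGTERM);` poll `waitpid(child, NULL, WNOHANG)` for a short grace period, then send `kill(child, SIGKILL);` before `myexit(1);`. The `printf` in this handler is not async-signal-safe either, although that predates the commit.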
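Review bot: `static monitored_pid = 0;` has no type and relies on implicit int, which C99 removed; because the variable is written by `monitor_application()` and read from `sandbox_handler`, it should be declared `static volatile pid_t monitored_pid = 0;`. The handler also calls `printf` and `exit`, neither of which is async-signal-safe: `exit` runs atexit handlers and flushes stdio from signal context, so `_exit(s);` is the safer call and the message is better emitted with `write`. The `kill(monitored_pid, SIGKILL);` after `sleep(1)` is sent unconditionally to whatever PID is stored at that moment, so it is worth checking that the first `kill` returned 0 before sending the second.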
@@ -131,13 +145,15 @@ static void chk_chroot(void) {
 }
 static int monitor_application(pid_t app_pid) {
+ monitored_pid = app_pid;
+ signal (SIGTERM, sandbox_handler);
 EUID_USER();
 int status;
- while (app_pid) {
+ while (monitored_pid) {
 usleep(20000);
 char *msg;
- if (asprintf(&msg, "monitoring pid %d\n", app_pid) == -1)
+ if (asprintf(&msg, "monitoring pid %d\n", monitored_pid) == -1)
 errExit("asprintf");
 logmsg(msg);
 free(msg);
@@ -148,9 +164,9 @@ static int monitor_application(pid_t app_pid) {
 if (rv == -1) break;
 }
- while(rv != app_pid);
+ while(rv != monitored_pid);
 if (arg_debug)
- printf("Sandbox monitor: waitpid %u retval %d status %d\n", app_pid, rv, status);
+ printf("Sandbox monitor: waitpid %u retval %d status %d\n", monitored_pid, rv, status);
 DIR *dir;
 if (!(dir = opendir("/proc"))) {
@@ -163,7 +179,7 @@ static int monitor_application(pid_t app_pid) {
 }
 struct dirent *entry;
- app_pid = 0;
+ monitored_pid = 0;
 while ((entry = readdir(dir)) != NULL) {
 unsigned pid;
 if (sscanf(entry->d_name, "%u", &pid) != 1)
@@ -180,14 +196,15 @@ static int monitor_application(pid_t app_pid) {
 free(pidname);
 }
- app_pid = pid;
+ monitored_pid = pid;
 break;
 }
 closedir(dir);
- if (app_pid != 0 && arg_debug)
- printf("Sandbox monitor: monitoring %u\n", app_pid);
+ if (monitored_pid != 0 && arg_debug)
+ printf("Sandbox monitor: monitoring %u\n", monitored_pid);
 }
+printf("blablabla\n");
 // return the latest exit status.
 return status;
--
cgit v1.2.3-54-g00ecf
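Review bot: `monitored_pid = 0;` in the `/proc` rescan now resets a global that `sandbox_handler` reads, so a SIGTERM delivered before the later `monitored_pid = pid;` finds it zero, skips both `kill` calls and goes straight to `exit(s)` while a sandboxed process may still be running. Whether the remaining processes are torn down in that case depends on how the sandbox is set up, which this page does not show. Blocking SIGTERM with `sigprocmask(SIG_BLOCK, ...)` before this assignment, and unblocking once `monitored_pid` holds the next PID after `closedir(dir);` in the following hunk, would close the window. monitor_application starts and ends outside this hunk.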
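Review bot: `printf("blablabla\n");` after the monitoring loop is leftover debug output that would be printed on every sandbox exit regardless of `arg_quiet` or `arg_debug`; the same commit removes a similar `printf("after wait\n");` from main.c. Drop the line, or guard it like the neighbouring messages, for example `if (arg_debug) printf("Sandbox monitor: exiting\n");` (message text constructed here). monitor_application starts outside this hunk.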