subproc: clear signal handlers in the child process
parent
5f3b511e3f
commit
1b4577e53f
1
common.h
1
common.h
@ -24,6 +24,7 @@
|
||||
|
||||
#include <limits.h>
|
||||
#include <netinet/ip6.h>
|
||||
#include <signal.h>
|
||||
#include <stdbool.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/queue.h>
|
||||
|
2
kafel
2
kafel
@ -1 +1 @@
|
||||
Subproject commit b20d26848992cb14661f6fbccca6a82b1c2af546
|
||||
Subproject commit 2ae8e116e416539da66ed7170e246668df05e43e
|
18
nsjail.c
18
nsjail.c
@ -76,20 +76,10 @@ static bool nsjailSetSigHandler(int sig)
|
||||
|
||||
static bool nsjailSetSigHandlers(void)
|
||||
{
|
||||
if (nsjailSetSigHandler(SIGINT) == false) {
|
||||
return false;
|
||||
}
|
||||
if (nsjailSetSigHandler(SIGUSR1) == false) {
|
||||
return false;
|
||||
}
|
||||
if (nsjailSetSigHandler(SIGALRM) == false) {
|
||||
return false;
|
||||
}
|
||||
if (nsjailSetSigHandler(SIGCHLD) == false) {
|
||||
return false;
|
||||
}
|
||||
if (nsjailSetSigHandler(SIGTERM) == false) {
|
||||
return false;
|
||||
for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
|
||||
if (!nsjailSetSigHandler(nssigs[i])) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
10
nsjail.h
10
nsjail.h
@ -23,6 +23,14 @@
|
||||
#ifndef NS_NSJAIL_H
|
||||
#define NS_NSJAIL_H
|
||||
|
||||
#include "common.h"
|
||||
#include <signal.h>
|
||||
|
||||
static const int nssigs[] = {
|
||||
SIGINT,
|
||||
SIGUSR1,
|
||||
SIGALRM,
|
||||
SIGCHLD,
|
||||
SIGTERM,
|
||||
};
|
||||
|
||||
#endif /* _NSJAIL_H */
|
||||
|
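Review bot: The new `nssigs` array has no comment, although it now drives both `nsjailSetSigHandlers()` in nsjail.c and `subprocReset()` in subproc.c, so a signal handled anywhere else will silently keep the supervisor's handler in the child. I would put a comment above it, for example `/* Signals the supervisor installs handlers for; subprocReset() restores each to SIG_DFL in the child. Register new handled signals here only. */`. Defining it `static const` in the header gives every including file its own copy, which is what keeps `ARRAYSIZE(nssigs)` usable in both files, and that is worth one more line of comment. The guard's closing comment `/* _NSJAIL_H */` also does not match `NS_NSJAIL_H`.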
16
subproc.c
16
subproc.c
@ -109,12 +109,28 @@ static const char* subprocCloneFlagsToStr(uintptr_t flags)
|
||||
return cloneFlagName;
|
||||
}
|
||||
|
||||
/* Reset the execution environment for the new process */
|
||||
static bool subprocReset(void)
|
||||
{
|
||||
for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
|
||||
if (signal(nssigs[i], SIG_DFL) == SIG_ERR) {
|
||||
PLOG_W("signal(%s, SIG_DFL)", utilSigName(nssigs[i]));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static int subprocNewProc(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
|
||||
{
|
||||
if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
|
||||
exit(0xff);
|
||||
}
|
||||
|
||||
if (!subprocReset()) {
|
||||
exit(0xff);
|
||||
}
|
||||
|
||||
if (pipefd == -1) {
|
||||
if (userInitNsFromParent(nsjconf, getpid()) == false) {
|
||||
LOG_E("Couldn't initialize net user namespace");
|
||||
|
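Review bot: In `subprocNewProc`, `subprocReset()` runs only after `containSetupFD()`, so a signal from `nssigs` delivered while the descriptors are being set up still runs the supervisor's handler inside the child. Calling the reset first closes that window: move `if (!subprocReset()) { exit(0xff); }` ahead of the `containSetupFD` check. The reset also covers only the handler dispositions of the five listed signals. A blocked-signal mask or a `SIG_IGN` disposition inherited from whatever launched nsjail would, if present, survive into the jailed program, so it may be worth clearing the mask here with `sigprocmask(SIG_SETMASK, ...)` as well. The body of `subprocNewProc` continues past the end of this section.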