subproc: clear signal handlers in the child process
parent
5f3b511e3f
commit
1b4577e53f
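--- a/common.h
+++ b/common.h
@@ -24,6 +24,7 @@
 
 #include <limits.h>
 #include <netinet/ip6.h>
+#include <signal.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <sys/queue.h>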
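--- a/kafel
+++ b/kafel
@@ -1 +1 @@
-Subproject commit b20d26848992cb14661f6fbccca6a82b1c2af546
+Subproject commit 2ae8e116e416539da66ed7170e246668df05e43e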
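--- a/nsjail.c
+++ b/nsjail.c
@@ -76,20 +76,10 @@ static bool nsjailSetSigHandler(int sig)
 
 static bool nsjailSetSigHandlers(void)
 {
-if (nsjailSetSigHandler(SIGINT) == false) {
+for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+if (!nsjailSetSigHandler(nssigs[i])) {
 return false;
 }
-if (nsjailSetSigHandler(SIGUSR1) == false) {
-return false;
-}
-if (nsjailSetSigHandler(SIGALRM) == false) {
-return false;
-}
-if (nsjailSetSigHandler(SIGCHLD) == false) {
-return false;
-}
-if (nsjailSetSigHandler(SIGTERM) == false) {
-return false;
 }
 return true;
 }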
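--- a/nsjail.h
+++ b/nsjail.h
@@ -23,6 +23,14 @@
 #ifndef NS_NSJAIL_H
 #define NS_NSJAIL_H
 
-#include "common.h"
+#include <signal.h>
 
+static const int nssigs[] = {
+SIGINT,
+SIGUSR1,
+SIGALRM,
+SIGCHLD,
+SIGTERM,
+};
+
 #endif /* _NSJAIL_H */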
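Review bot: `nssigs` is defined as `static const` in the header, so every file that includes nsjail.h gets its own copy of the table, and nothing at the definition says it is the single list driving both the parent's handler installation (nsjail.c) and the child's reset (subproc.c). A handler installed anywhere else in the parent, for a signal not in this list, would stay active in the child until exec; whether such a handler exists is not visible on this page. I would add a comment above the array such as `/* Signals the parent installs handlers for; the child resets exactly these to SIG_DFL */`.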
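--- a/subproc.c
+++ b/subproc.c
@@ -109,12 +109,28 @@ static const char* subprocCloneFlagsToStr(uintptr_t flags)
 return cloneFlagName;
 }
 
+/* Reset the execution environment for the new process */
+static bool subprocReset(void)
+{
+for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
+if (signal(nssigs[i], SIG_DFL) == SIG_ERR) {
+PLOG_W("signal(%s, SIG_DFL)", utilSigName(nssigs[i]));
+return false;
+}
+}
+return true;
+}
+
 static int subprocNewProc(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
 {
 if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
 exit(0xff);
 }
 
+if (!subprocReset()) {
+exit(0xff);
+}
+
 if (pipefd == -1) {
 if (userInitNsFromParent(nsjconf, getpid()) == false) {
 LOG_E("Couldn't initialize net user namespace");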
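Review bot: subprocReset() restores only the dispositions of the five signals in nssigs, while its comment promises a reset of the whole execution environment. A blocked-signal mask and any SIG_IGN disposition set outside that list are inherited by the child and survive execve(); nothing in this hunk shows the parent doing either, so this is a check to make rather than a confirmed gap. I would narrow the comment to `/* Restore default dispositions for the signals the parent handles (nssigs) */`, and log the failure with `PLOG_E` rather than `PLOG_W`, since the caller exits with 0xff on it. subprocNewProc continues past the end of the hunk.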