-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5WtR0ACgkQrlYvE4MpobNVngCfR9CAWZvK0P1Edsnp3wlk4btD P9sAnRaPfmE+sRCCs/xnezIhfUkY+NNo =4rE8 -----END PGP SIGNATURE-----
>From a9e7352c033727aab5edf4ee5b1255299aeeeba6 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Wed, 6 Jul 2011 20:52:05 -0400 Subject: [PATCH 64/77] policycoreutils: sandbox: cntrl-c should kill entire process control group Change the signal handler to handle ctrl-C and exit properly Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- policycoreutils/sandbox/seunshare.c | 22 +++++++++++++++++++--- 1 files changed, 19 insertions(+), 3 deletions(-) diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c index ec46619..a281a6e 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -56,6 +56,7 @@ #define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] [ -C ] [-t tmpdir] [-h homedir] [-Z context] -- executable [args]") static int verbose = 0; +static int child = 0; static capng_select_t cap_set = CAPNG_SELECT_BOTH; @@ -87,6 +88,13 @@ static int drop_privs(uid_t uid) } /** + * If the user sends a siginto to seunshare, kill the child's session + */ +void handler(int sig) { + if (child > 0) kill(-child,sig); +} + +/** * Take care of any signal setup. */ static int set_signal_handles(void) @@ -107,6 +115,11 @@ static int set_signal_handles(void) return -1; } + if (signal(SIGINT, handler) == SIG_ERR) { + perror("Unable to set SIGINT handler"); + return -1; + } + return 0; } @@ -813,7 +826,7 @@ int main(int argc, char **argv) { int clflag; /* holds codes for command line flags */ int usecgroups = 0; - int kill = 0; + int kill_all = 0; char *homedir_s = NULL; /* homedir spec'd by user in argv[] */ char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */ @@ -868,7 +881,7 @@ int main(int argc, char **argv) { tmpdir_s = optarg; break; case 'k': - kill = 1; + kill_all = 1; break; case 'h': homedir_s = optarg; @@ -935,7 +948,7 @@ int main(int argc, char **argv) { } /* spawn child process */ - int child = fork(); + child = fork(); if (child == -1) { perror(_("Unable to fork")); goto err; 
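Review bot: `child` in the `@@ -56,6 +56,7 @@` hunk is a plain `int`, although main() writes it (the `child = fork();` change in the `@@ -935,7 +948,7 @@` hunk) and the new SIGINT handler reads it asynchronously. Declaring it `static volatile pid_t child = 0;` stops the compiler from caching the handler's read and matches the type fork() returns. A one-line comment would record why this variable became file-scope, for example `/* pid of the forked child; read from the SIGINT handler, 0 until fork() */`.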
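Review bot: `handler` in the `@@ -87,6 +88,13 @@` hunk is defined without `static`, so a very generic name gets external linkage while the neighbouring helpers (`drop_privs`, `set_signal_handles`) are file-local; `static void handler(int sig)` would match them. The comment has a typo and says "session", whereas `kill(-child,sig)` addresses the process group whose id equals `child`; I would write `If the user sends SIGINT to seunshare, forward it to the child's process group`. The forward only reaches the sandboxed processes if the child becomes a group leader (setsid/setpgid) before the signal arrives, which this patch does not show, so that is worth confirming. While `child` is still 0 the handler returns without doing anything, so if set_signal_handles() runs before the fork, a SIGINT in that window is silently dropped.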
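Review bot: The SIGINT handler in the `@@ -107,6 +115,11 @@` hunk is installed with `signal()`, whose restart and handler-reset semantics differ between libc implementations. The parent later blocks in `waitpid(child, &status, 0)` without checking the return value (context of the last hunk), so an interrupted wait would leave `status` unset. Installing the handler with `sigaction()` and an explicit `SA_RESTART` makes the behaviour deterministic. The new message is also not wrapped in `_()`, unlike `perror(_("Unable to fork"))` elsewhere in the file. set_signal_handles() starts outside this hunk, so the earlier signal setup is not visible here.

```c
	/* … unchanged: earlier signal setup in set_signal_handles() … */
	struct sigaction sa = { .sa_handler = handler, .sa_flags = SA_RESTART };

	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGINT, &sa, NULL) == -1) {
		perror(_("Unable to set SIGINT handler"));
		return -1;
	}

	return 0;
```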
@@ -1008,6 +1021,9 @@ childerr: waitpid(child, &status, 0); status_to_retval(status, status); + /* Make sure all child processes exit */ + kill(-child,SIGTERM); + if (execcon && kill_all) killall(execcon); -- 1.7.6
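Review bot: `kill(-child,SIGTERM);` under `childerr:` has no `child > 0` guard, unlike the handler added earlier in this patch; with `child == 0` it would signal seunshare's own process group, and with `child == -1` it becomes `kill(1, SIGTERM)`. Whether those values can reach this line depends on code outside the hunk, so the guard is cheap insurance: `if (child > 0) kill(-child, SIGTERM);`. The comment promises that all child processes exit, but SIGTERM can be caught or ignored, the return value is dropped, and `waitpid()` has already reaped `child` by this point. Rewording it to `/* Ask any processes left in the child's process group to terminate */` would describe what the call actually does.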