-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5yVg4ACgkQrlYvE4MpobNpsQCeOvHOc0Ghx7Yo2VqnkfeLMgrQ qzcAniZW3BkZWeEggzjv3vicTGN3tyqi =Sg0b -----END PGP SIGNATURE-----
>From c80376a1d96f75bf784bc5d40ce92dea700fe381 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Wed, 6 Jul 2011 20:52:05 -0400 Subject: [PATCH 36/67] policycoreutils: sandbox: cntrl-c should kill entire process control group Change the signal handler to handle ctrl-C and exit properly Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> Acked-by: Dan Walsh <dwalsh@xxxxxxxxxx> --- policycoreutils/sandbox/seunshare.c | 22 +++++++++++++++++++--- 1 files changed, 19 insertions(+), 3 deletions(-) diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c index 5fa42fe..671d97c 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -56,6 +56,7 @@ #define USAGE_STRING _("USAGE: seunshare [ -v ] [ -C ] [ -c ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z CONTEXT ] -- executable [args] ") static int verbose = 0; +static int child = 0; static capng_select_t cap_set = CAPNG_SELECT_BOTH; @@ -87,6 +88,13 @@ static int drop_privs(uid_t uid) } /** + * If the user sends a siginto to seunshare, kill the child's session + */ +void handler(int sig) { + if (child > 0) kill(-child,sig); +} + +/** * Take care of any signal setup. */ static int set_signal_handles(void) @@ -107,6 +115,11 @@ static int set_signal_handles(void) return -1; } + if (signal(SIGINT, handler) == SIG_ERR) { + perror("Unable to set SIGINT handler"); + return -1; + } + return 0; } @@ -815,7 +828,7 @@ int main(int argc, char **argv) { int clflag; /* holds codes for command line flags */ int usecgroups = 0; - int kill = 0; + int kill_all = 0; char *homedir_s = NULL; /* homedir spec'd by user in argv[] */ char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */ @@ -871,7 +884,7 @@ int main(int argc, char **argv) { tmpdir_s = optarg; break; case 'k': - kill = 1; + kill_all = 1; break; case 'h': homedir_s = optarg; 
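Review bot: `child` is written by main() (the `child = fork();` hunk further down) and read inside the asynchronous SIGINT handler added in the next hunk, yet it is declared as a plain `static int`. An object shared with a signal handler should be volatile so the handler never works from a cached value, and its type should say that it holds a pid; on Linux, where pid_t is int-sized, `static volatile pid_t child = 0;` would do. A short comment such as `/* pid of the sandboxed child; 0 until fork() returns in the parent, read by the SIGINT handler */` would also record why the variable moved to file scope.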
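Review bot: `kill(-child,sig)` in `handler` addresses the process group whose id equals the child's pid, and that group exists only if the child made itself a group or session leader (setsid()/setpgid()) before exec. None of the visible hunks shows that call, so it should be confirmed in the child branch of main(); if it is missing, the kill fails with ESRCH and the handler silently forwards nothing. The handler is also the only non-static definition among the visible ones, so `static void handler(int sig)` would keep it out of the global namespace. The comment has a typo and says "session" where the code targets a process group; `* If the user sends SIGINT to seunshare, forward it to the child's process group` would match the code.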
@@ -938,7 +951,7 @@ int main(int argc, char **argv) { } /* spawn child process */ - int child = fork(); + child = fork(); if (child == -1) { perror(_("Unable to fork")); goto err; @@ -1011,6 +1024,9 @@ childerr: waitpid(child, &status, 0); status_to_retval(status, status); + /* Make sure all child processes exit */ + kill(-child,SIGTERM); + if (execcon && kill_all) killall(execcon); -- 1.7.6.2
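Review bot: The added `kill(-child,SIGTERM)` runs after `waitpid()` has already reaped the child, so the pid is free for reuse and, if the sandbox's group is already empty, the signal can in principle reach an unrelated process group that was given the same number; the return value is also ignored. The window is small, but this program manages privileges (it has `drop_privs()` and capability setup), and whether they are already dropped at this point is not visible in the hunk. Waiting with `WNOWAIT` first, signalling the group, and only then reaping closes the window, and reporting errors other than ESRCH makes a failed cleanup visible. The cleanup also depends on the child being a process-group leader, as in `handler`, and main() starts and ends outside this hunk.

```c
	siginfo_t info;

	/* Wait without reaping: while the child is still a zombie its pid,
	 * and therefore the process-group id, cannot be recycled. */
	if (waitid(P_PID, child, &info, WEXITED | WNOWAIT) == 0) {
		/* Make sure all child processes exit */
		if (kill(-child, SIGTERM) == -1 && errno != ESRCH)
			perror(_("Unable to signal sandbox process group"));
	}
	waitpid(child, &status, 0);
	/* … unchanged: status_to_retval(), killall(execcon) … */
```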