[PATCH 3/3] restorecond/user: handle SIGTERM properly

Nicolas Iooss <nicolas.iooss@xxxxxxx> · Mon, 13 Apr 2020 18:24:13 +0200

When restorecond starts, it installs a SIGTERM handler in order to exit
cleanly (by removing its PID file). When restorecond --user starts,
there is no PID file, and g_main_loop_run() does not stop when master_fd
is closed. This leads to an unkillable service, which is an issue.

Fix this by overriding the handler for SIGTERM in restorecond --user.

Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
 restorecond/user.c | 54 +++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 17 deletions(-)

diff --git a/restorecond/user.c b/restorecond/user.c
index f940fd4e6678..a24b8407b048 100644
--- a/restorecond/user.c
+++ b/restorecond/user.c
@@ -46,6 +46,7 @@
 #include "restorecond.h"
 #include "stringslist.h"
 #include <glib.h>
+#include <glib-unix.h>
 
 static int local_lock_fd = -1;
 
@@ -250,35 +251,54 @@ static void end_local_server(void) {
 	local_lock_fd = -1;
 }
 
+static int sigterm_handler(gpointer user_data)
+{
+	GMainLoop *loop = user_data;
+
+	if (debug_mode)
+		g_print("Received SIGTERM, exiting\n");
+	g_main_loop_quit(loop);
+	return FALSE;
+}
+
+
 int server(int master_fd, const char *watch_file) {
-    GMainLoop *loop;
+	GMainLoop *loop;
 
-    loop = g_main_loop_new (NULL, FALSE);
+	loop = g_main_loop_new (NULL, FALSE);
 
 #ifdef HAVE_DBUS
-    if (dbus_server(loop) != 0)
+	if (dbus_server(loop) != 0)
 #endif /* HAVE_DBUS */
-	    if (local_server())
-		    goto end;
+		if (local_server())
+			goto end;
 
-    read_config(master_fd, watch_file);
+	read_config(master_fd, watch_file);
 
-    if (watch_list_isempty()) goto end;
+	if (watch_list_isempty())
+		goto end;
 
-    set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+	set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
 
-    GIOChannel *c = g_io_channel_unix_new(master_fd);
+	GIOChannel *c = g_io_channel_unix_new(master_fd);
 
-    g_io_add_watch_full( c,
-			 G_PRIORITY_HIGH,
-			 G_IO_IN|G_IO_ERR|G_IO_HUP,
-			 io_channel_callback, NULL, NULL);
+	g_io_add_watch_full(c,
+			    G_PRIORITY_HIGH,
+			    G_IO_IN|G_IO_ERR|G_IO_HUP,
+			    io_channel_callback, NULL, NULL);
 
-    g_main_loop_run (loop);
+	/* Handle SIGTERM */
+	g_unix_signal_add_full(G_PRIORITY_DEFAULT,
+			       SIGTERM,
+			       sigterm_handler,
+			       loop,
+			       NULL);
+
+	g_main_loop_run (loop);
 
 end:
-    end_local_server();
-    g_main_loop_unref (loop);
-    return 0;
+	end_local_server();
+	g_main_loop_unref (loop);
+	return 0;
 }
 
-- 
2.26.0







