From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/sandbox:master commit in: /, libsandbox/
Date: Thu, 21 Oct 2021 22:30:48 +0000 (UTC)
Message-ID: <1634833015.44ca5fb71633b9199971299268e34baa36de3d93.vapier@gentoo>

commit:     44ca5fb71633b9199971299268e34baa36de3d93
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 21 16:16:55 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Oct 21 16:16:55 2021 +0000
URL:        https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=44ca5fb7

libsandbox: enable exitkill containment

If the ptrace code crashes/aborts for any reason, don't let the tracee
leak out.  No one will be expecting this, and it could lead to zombie
processes hanging around.

This option is new to Linux 3.8.  We could code this so that it would
fall back automatically to older versions of Linux, but with 3.8 being
released in 2013, doesn't seem like we need to support anyone that old.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 README.md          | 2 +-
 libsandbox/trace.c | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bf15128..087ff31 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,6 @@ It requires:
   * s390 (32-bit & 64-bit)
   * x86 (32-bit & 64-bit & x32)
 * Operating system
-  * [Linux](https://kernel.org/) 2.6.20+
+  * [Linux](https://kernel.org/) 3.8+
 * C library
   * They all should work!
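
Review bot: The new `3.8+` floor on the Linux line states no reason, and it is a large jump from 2.6.20+. A short parenthetical naming what needs it (the `PTRACE_O_EXITKILL` option enabled in libsandbox/trace.c) would let a later reader judge whether the floor can move. Nothing visible in this patch checks the kernel version at build or run time, so this README line is the only place the requirement is recorded.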

diff --git a/libsandbox/trace.c b/libsandbox/trace.c
index 8394b71..4d145a3 100644
--- a/libsandbox/trace.c
+++ b/libsandbox/trace.c
@@ -507,7 +507,12 @@ void trace_main(const char *filename, char *const argv[])
 		sb_debug("parent waiting for child (pid=%i) to signal", trace_pid);
 		waitpid(trace_pid, NULL, 0);
 		do_ptrace(PTRACE_SETOPTIONS, NULL,
-			(void *)(PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_TRACEEXIT));
+			(void *)(uintptr_t)(
+				PTRACE_O_EXITKILL |
+				PTRACE_O_TRACEEXEC |
+				PTRACE_O_TRACEEXIT |
+				PTRACE_O_TRACESYSGOOD
+			));
 		sb_close_all_fds();
 		trace_loop();
 		sb_ebort("ISE: child should have quit, as should we\n");
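
Review bot: `PTRACE_O_EXITKILL` is passed unconditionally in the `PTRACE_SETOPTIONS` call in trace_main(), so on a kernel older than 3.8 the whole request is rejected with EINVAL and `PTRACE_O_TRACESYSGOOD`, `PTRACE_O_TRACEEXEC` and `PTRACE_O_TRACEEXIT` are not set either. How `do_ptrace()` reacts to that failure is not visible in this hunk; it is worth confirming that it stops with a clear message rather than entering `trace_loop()` with no options applied, since the commit message rules out an automatic fallback. Two smaller points: older C library headers may not define `PTRACE_O_EXITKILL`, so a build-time check or an `#ifndef` guard would turn a confusing compile error into an explicit one, and the new `(uintptr_t)` cast relies on `<stdint.h>` being included somewhere above, which this hunk does not show. A one-line comment above the call saying that the exit-kill flag is there so the tracee dies with the tracer would also keep the containment intent from being lost in a later cleanup.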

