public inbox for gentoo-portage-dev@lists.gentoo.org
* [gentoo-portage-dev] [PATCH] pid-sandbox: pid-ns-init setsid support (bug 675870)
@ 2019-01-22  8:00 Zac Medico
  0 siblings, 0 replies; only message in thread
From: Zac Medico @ 2019-01-22  8:00 UTC
  To: gentoo-portage-dev; +Cc: Zac Medico

Use setsid to isolate the parent process from signals sent
to the process group, and forward signals to the entire
process group with kill(0, signum).

Bug: https://bugs.gentoo.org/675870
Signed-off-by: Zac Medico <zmedico@gentoo.org>
---
 bin/pid-ns-init | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/bin/pid-ns-init b/bin/pid-ns-init
index f9b8cc4f3..8d404f40d 100644
--- a/bin/pid-ns-init
+++ b/bin/pid-ns-init
@@ -33,8 +33,8 @@ KILL_SIGNALS = (
 )
 
 
-def forward_kill_signal(main_child_pid, signum, frame):
-	os.kill(main_child_pid, signum)
+def forward_kill_signal(pid, signum, frame):
+	os.kill(pid, signum)
 
 
 def main(argv):
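Review bot: forward_kill_signal now accepts any pid, including 0, but nothing at the definition says so; the rename from main_child_pid to pid removes the only hint about what the argument is. A short docstring stating that pid is either the main child's pid or 0 (meaning the caller's whole process group, as in kill(0, signum)) would make both call modes explicit where the function is defined.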
@@ -47,6 +47,7 @@ def main(argv):
 		# (forwarding signals to init and forwarding exit status to the parent
 		# process).
 		main_child_pid = int(argv[1])
+		setsid = False
 		proc = None
 	else:
 		# The current process is init (pid 1) in a child pid namespace.
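Review bot: The new local `setsid = False` shares its name with os.setsid(), which the other branch calls on the very next line after `setsid = True`, so the flag and the call are easy to confuse when reading. A name that describes the state rather than the call, for example `setsid_called`, would read more clearly here and in the `0 if setsid else main_child_pid` expression further down.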
@@ -55,11 +56,16 @@ def main(argv):
 		popen_kwargs = {}
 		if sys.version_info.major > 2:
 			popen_kwargs['pass_fds'] = pass_fds
+		# Isolate parent process from process group SIGSTOP (bug 675870)
+		setsid = True
+		os.setsid()
 		proc = subprocess.Popen(args, executable=binary,
 			preexec_fn=signal_disposition_preexec, **popen_kwargs)
 		main_child_pid = proc.pid
 
-	sig_handler = functools.partial(forward_kill_signal, main_child_pid)
+	# If setsid has been called, use kill(0, signum) to
+	# forward signals to the entire process group.
+	sig_handler = functools.partial(forward_kill_signal, 0 if setsid else main_child_pid)
 	for signum in KILL_SIGNALS:
 		signal.signal(signum, sig_handler)
 
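Review bot: Missing guard against a signal feedback loop in the `0 if setsid else main_child_pid` path: kill(0, signum) delivers the signal to every process in the caller's process group, and that includes this process, which has sig_handler installed for every entry in KILL_SIGNALS by the loop directly below. Each forwarded signal therefore re-enters forward_kill_signal, which calls os.kill(0, signum) again. Consider changing the disposition for signum inside forward_kill_signal before the os.kill call when pid is 0 (for example signal.signal(signum, signal.SIG_DFL)), so the forwarded signal is not handled a second time. Separately, the added comment mentions only SIGSTOP while the commit message speaks of signals sent to the process group in general; aligning the two would help.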
-- 
2.18.1


