| -rw-r--r-- | jaildaemon.c | 33 | 
1 files changed, 12 insertions, 21 deletions
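--- a/jaildaemon.c
+++ b/jaildaemon.c
@@ -36,7 +36,6 @@ typedef struct {
 } daemon_task;
 
 /* Forward declarations */
-static void signal_handler( int signal );
 static void term_handler( int signal );
 static void kill_all_probes( void );
 static int check_for_jail( int jid );
@@ -49,14 +48,8 @@ static void exerr( char * message );
 static void warn( char * message );
 static void usage( char * command );
 
-/* This is the handler installed in the jailed process. It will exit with the
-proper exit code to make the host system daemon recognize the process has
-deliberately killed itself and was not just shutdown with the jail */
-static void signal_handler( int signal ) {
-if( signal == SIGHUP )
-_exit( MAGIC_EXIT_CODE );
-}
-
+/* This handler ensures that we clean up our probes if asked to terminate
+gracefully */
 static void term_handler( int signal ) {
 if( signal == SIGTERM )
 exit(0);
@@ -174,28 +167,27 @@ static int check_for_jail( int jid ) {
 }
 
 static pid_t fork_and_jail( int jid, char * proctitle ) {
+int sig;
 pid_t pid = fork();
 if( !pid ) {
-struct sigaction sa;
+sigset_t sigset;
 
 /* Set proctitle so that jail's pgrep -f can identify the process */
 if( proctitle && *proctitle )
 setproctitle( "%s", proctitle );
 
-/* Setup signal handler for SIGHUP */
-sa.sa_handler = signal_handler;
-sigemptyset(&sa.sa_mask);
-sa.sa_flags = SA_RESTART;
-if( sigaction(SIGHUP, &sa, NULL) == -1 )
-exerr( "when install signal handler" );
-
 /* Throw ourself into the jail */
 if( jail_attach( jid ) )
 exerr( "when attaching to jail" );
 
-/* Spin and wait for SIGHUP */
-while( 1 )
-sleep(32);
+/* wait for SIGHUP */
+sigemptyset(&sigset);
+sigaddset(&sigset, SIGHUP);
+sigprocmask(SIG_BLOCK, &sigset, NULL);
+while( !sigwait( &sigset, &sig ) )
+if( sig == SIGHUP )
+exit( MAGIC_EXIT_CODE );
+exit(0);
 }
 return pid;
 }
@@ -281,7 +273,6 @@ static void fork_and_execve( int kq, daemon_task * t_in ) {
 
 static void kill_all_probes( void ) {
 size_t i;
-syslog( LOG_ERR, "KILLING PROBES" );
 if( g_probes )
 for( i = 0; i < g_probes_size; ++i )
 if( g_probes[i] )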
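Review bot: In the child branch of fork_and_jail the new wait loop leaves through `exit( MAGIC_EXIT_CODE );` and `exit(0);`, where the removed handler used `_exit()`; in a forked child `exit()` runs any atexit handlers and flushes stdio buffers inherited from the daemon. The term_handler comment suggests probe cleanup is tied to exit(), so if kill_all_probes is registered with atexit() before this fork (not visible here), every jailed child would run it against the inherited g_probes table when it receives SIGHUP; `_exit( MAGIC_EXIT_CODE );` and `_exit(0);` avoid that. Separately, SIGHUP is blocked only after `jail_attach( jid )`, so a SIGHUP arriving earlier is handled with the inherited disposition and the parent never sees MAGIC_EXIT_CODE; setting up the mask with `sigprocmask(SIG_BLOCK, &sigset, NULL);` before the attach, and checking its return value, would close that window.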
