Gentoo Archives: gentoo-portage-dev

From:	Zac Medico <zmedico@g.o>
To:	gentoo-portage-dev@l.g.o
Cc:	Zac Medico <zmedico@g.o>
Subject:	[gentoo-portage-dev] [PATCH] pid-sandbox: pid-ns-init setsid support (bug 675870)
Date:	Tue, 22 Jan 2019 08:02:35
Message-Id:	`20190122080017.25673-1-zmedico@gentoo.org`

1	Use setsid to isolate the parent process from signals sent
2	to the process group, and forward signals to the entire
3	process group with kill(0, signum).
4
5	Bug: https://bugs.gentoo.org/675870
6	Signed-off-by: Zac Medico <zmedico@g.o>
7	---
8	bin/pid-ns-init \| 12 +++++++++---
9	1 file changed, 9 insertions(+), 3 deletions(-)
10
11	diff --git a/bin/pid-ns-init b/bin/pid-ns-init
12	index f9b8cc4f3..8d404f40d 100644
13	--- a/bin/pid-ns-init
14	+++ b/bin/pid-ns-init
15	@@ -33,8 +33,8 @@ KILL_SIGNALS = (
16	)
17
18
19	-def forward_kill_signal(main_child_pid, signum, frame):
20	- os.kill(main_child_pid, signum)
21	+def forward_kill_signal(pid, signum, frame):
22	+ os.kill(pid, signum)
23
24
25	def main(argv):
26	@@ -47,6 +47,7 @@ def main(argv):
27	# (forwarding signals to init and forwarding exit status to the parent
28	# process).
29	main_child_pid = int(argv[1])
30	+ setsid = False
31	proc = None
32	else:
33	# The current process is init (pid 1) in a child pid namespace.
34	@@ -55,11 +56,16 @@ def main(argv):
35	popen_kwargs = {}
36	if sys.version_info.major > 2:
37	popen_kwargs['pass_fds'] = pass_fds
38	+ # Isolate parent process from process group SIGSTOP (bug 675870)
39	+ setsid = True
40	+ os.setsid()
41	proc = subprocess.Popen(args, executable=binary,
42	preexec_fn=signal_disposition_preexec, **popen_kwargs)
43	main_child_pid = proc.pid
44
45	- sig_handler = functools.partial(forward_kill_signal, main_child_pid)
46	+ # If setsid has been called, use kill(0, signum) to
47	+ # forward signals to the entire process group.
48	+ sig_handler = functools.partial(forward_kill_signal, 0 if setsid else main_child_pid)
49	for signum in KILL_SIGNALS:
50	signal.signal(signum, sig_handler)
51
52	--
53	2.18.1

Report Message

Find on MARC Find on Google Groups