mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Fix deadlock in forkserver if setting ns fails
Also make sure we don't kill everything (with a `kill(-1, SIGKILL)`) if reading the pid fails. PiperOrigin-RevId: 536371566 Change-Id: I17f6ae36b73ec43735709ff16d276abaebb00d44
This commit is contained in:
parent
1c7dfdac12
commit
6cd83d68de
|
@ -485,11 +485,6 @@ pid_t ForkServer::ServeRequest() {
|
||||||
absl::Status status = SendPid(fd_closer1.get());
|
absl::Status status = SendPid(fd_closer1.get());
|
||||||
SAPI_RAW_CHECK(status.ok(),
|
SAPI_RAW_CHECK(status.ok(),
|
||||||
absl::StrCat("sending pid: ", status.message()).c_str());
|
absl::StrCat("sending pid: ", status.message()).c_str());
|
||||||
} else if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) {
|
|
||||||
SAPI_RAW_LOG(ERROR, "receiving pid: %s",
|
|
||||||
std::string(pid_or.status().message()).c_str());
|
|
||||||
} else {
|
|
||||||
sandboxee_pid = pid_or.value();
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
sandboxee_pid = util::ForkWithFlags(clone_flags);
|
sandboxee_pid = util::ForkWithFlags(clone_flags);
|
||||||
|
@ -511,6 +506,14 @@ pid_t ForkServer::ServeRequest() {
|
||||||
|
|
||||||
fd_closer1.Close();
|
fd_closer1.Close();
|
||||||
|
|
||||||
|
if (avoid_pivot_root) {
|
||||||
|
if (auto pid = ReceivePid(fd_closer0.get()); !pid.ok()) {
|
||||||
|
SAPI_RAW_LOG(ERROR, "%s", std::string(pid.status().message()).c_str());
|
||||||
|
} else {
|
||||||
|
sandboxee_pid = pid.value();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (fork_request.clone_flags() & CLONE_NEWPID) {
|
if (fork_request.clone_flags() & CLONE_NEWPID) {
|
||||||
// The pid of the init process is equal to the child process that we've
|
// The pid of the init process is equal to the child process that we've
|
||||||
// previously forked.
|
// previously forked.
|
||||||
|
@ -520,7 +523,9 @@ pid_t ForkServer::ServeRequest() {
|
||||||
// receive the actual PID.
|
// receive the actual PID.
|
||||||
if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) {
|
if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) {
|
||||||
SAPI_RAW_LOG(ERROR, "%s", std::string(pid_or.status().message()).c_str());
|
SAPI_RAW_LOG(ERROR, "%s", std::string(pid_or.status().message()).c_str());
|
||||||
|
if (init_pid != -1) {
|
||||||
kill(init_pid, SIGKILL);
|
kill(init_pid, SIGKILL);
|
||||||
|
}
|
||||||
init_pid = -1;
|
init_pid = -1;
|
||||||
} else {
|
} else {
|
||||||
sandboxee_pid = pid_or.value();
|
sandboxee_pid = pid_or.value();
|
||||||
|
|
Loading…
Reference in New Issue
Block a user