Fix deadlock in forkserver if setting ns fails

Also make sure we don't kill everything (with a `kill(-1, SIGKILL)`) if reading the pid fails.

PiperOrigin-RevId: 536371566
Change-Id: I17f6ae36b73ec43735709ff16d276abaebb00d44
This commit is contained in:
Wiktor Garbacz 2023-05-30 05:48:55 -07:00 committed by Copybara-Service
parent 1c7dfdac12
commit 6cd83d68de

View File

@ -485,11 +485,6 @@ pid_t ForkServer::ServeRequest() {
absl::Status status = SendPid(fd_closer1.get()); absl::Status status = SendPid(fd_closer1.get());
SAPI_RAW_CHECK(status.ok(), SAPI_RAW_CHECK(status.ok(),
absl::StrCat("sending pid: ", status.message()).c_str()); absl::StrCat("sending pid: ", status.message()).c_str());
} else if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) {
SAPI_RAW_LOG(ERROR, "receiving pid: %s",
std::string(pid_or.status().message()).c_str());
} else {
sandboxee_pid = pid_or.value();
} }
} else { } else {
sandboxee_pid = util::ForkWithFlags(clone_flags); sandboxee_pid = util::ForkWithFlags(clone_flags);
@ -511,6 +506,14 @@ pid_t ForkServer::ServeRequest() {
fd_closer1.Close(); fd_closer1.Close();
if (avoid_pivot_root) {
if (auto pid = ReceivePid(fd_closer0.get()); !pid.ok()) {
SAPI_RAW_LOG(ERROR, "%s", std::string(pid.status().message()).c_str());
} else {
sandboxee_pid = pid.value();
}
}
if (fork_request.clone_flags() & CLONE_NEWPID) { if (fork_request.clone_flags() & CLONE_NEWPID) {
// The pid of the init process is equal to the child process that we've // The pid of the init process is equal to the child process that we've
// previously forked. // previously forked.
@ -520,7 +523,9 @@ pid_t ForkServer::ServeRequest() {
// receive the actual PID. // receive the actual PID.
if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) { if (auto pid_or = ReceivePid(fd_closer0.get()); !pid_or.ok()) {
SAPI_RAW_LOG(ERROR, "%s", std::string(pid_or.status().message()).c_str()); SAPI_RAW_LOG(ERROR, "%s", std::string(pid_or.status().message()).c_str());
if (init_pid != -1) {
kill(init_pid, SIGKILL); kill(init_pid, SIGKILL);
}
init_pid = -1; init_pid = -1;
} else { } else {
sandboxee_pid = pid_or.value(); sandboxee_pid = pid_or.value();