mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Remove redundant process setup
PR_SET_PDEATHSIG is already issued for init process in SanitizeCurrentProcess Same for setsid PiperOrigin-RevId: 258142844 Change-Id: Iad9e94bd402d576c1b24caab0b03efc50e2df07e
This commit is contained in:
parent
9f36bd80d2
commit
8a4e665cba
|
@ -175,18 +175,13 @@ static void RunInitProcess(int signaling_fd, std::set<int> open_fds) {
|
||||||
SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
|
SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
|
||||||
return;
|
return;
|
||||||
} else if (child > 0) {
|
} else if (child > 0) {
|
||||||
// Perform some sanitization (basically equals to SanitizeEnvironment
|
|
||||||
// except that it does not require /proc to be available).
|
|
||||||
SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
|
SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
|
||||||
setsid();
|
|
||||||
if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) != 0) {
|
|
||||||
SAPI_RAW_PLOG(ERROR, "prctl(PR_SET_PDEATHSIG, SIGKILL) failed");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
|
if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
|
||||||
SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
|
SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Close all open fds, do not use CloseAllFDsExcept as /proc might not be
|
||||||
|
// mounted here
|
||||||
for (const auto& fd : open_fds) {
|
for (const auto& fd : open_fds) {
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user