StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Fail in monitor if init process pid not received

Browse Source 
PiperOrigin-RevId: 266886637
Change-Id: I4e896ebda8d9e15d0aefcb4139c8dc07ab938502
This commit is contained in:
Wiktor Garbacz 2019-09-03 02:36:41 -07:00 committed by Copybara-Service
parent 84702e6c97
commit da3c6c138e
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sandboxed_api/sandbox2/executor.cc
View File

@ -153,16 +153,16 @@ pid_t Executor::StartSubProcess(int32_t clone_flags, const Namespace* ns,
pid_t sandboxee_pid = fork_client_->SendRequest( pid_t sandboxee_pid = fork_client_->SendRequest(
request, exec_fd_, client_comms_fd_, ns_fd, &init_pid); request, exec_fd_, client_comms_fd_, ns_fd, &init_pid);
if (init_pid == -1) { if (init_pid < 0) {
LOG(ERROR) << "Could not obtain init PID"; LOG(ERROR) << "Could not obtain init PID";
} else if (init_pid == 0 && request.clone_flags() & CLONE_NEWPID) { } else if (init_pid == 0 && request.clone_flags() & CLONE_NEWPID) {
LOG(FATAL) LOG(FATAL)
<< "No init process was spawned even though a PID NS was created, " << "No init process was spawned even though a PID NS was created, "
<< "potential logic bug"; << "potential logic bug";
} else if (init_pid > 0) { }
if (init_pid_out) {
*init_pid_out = init_pid; if (init_pid_out) {
} *init_pid_out = init_pid;
} }
started_ = true; started_ = true;

13
sandboxed_api/sandbox2/monitor.cc
View File

@ -199,17 +199,16 @@ void Monitor::Run() {
// Get PID of the sandboxee. // Get PID of the sandboxee.
pid_t init_pid = 0; pid_t init_pid = 0;
pid_ = executor_->StartSubProcess(clone_flags, policy_->GetNamespace(), Namespace* ns = policy_->GetNamespace();
policy_->GetCapabilities(), &init_pid); bool should_have_init = ns && (ns->GetCloneFlags() & CLONE_NEWPID);
pid_ = executor_->StartSubProcess(clone_flags, ns, policy_->GetCapabilities(),
&init_pid);
if (init_pid < 0) { if (init_pid > 0) {
// TODO(hamacher): does this require additional handling here?
LOG(ERROR) << "Spawning init process failed";
} else if (init_pid > 0) {
PCHECK(ptrace(PTRACE_SEIZE, init_pid, 0, PTRACE_O_EXITKILL) == 0); PCHECK(ptrace(PTRACE_SEIZE, init_pid, 0, PTRACE_O_EXITKILL) == 0);
} }
if (pid_ < 0) { if (pid_ <= 0 || (should_have_init && init_pid <= 0)) {
SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_SUBPROCESS); SetExitStatusCode(Result::SETUP_ERROR, Result::FAILED_SUBPROCESS);
return; return;
} }