StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Fix resource leak

Browse Source 
Resulted in a lot of zombie processes.

PiperOrigin-RevId: 283545337
Change-Id: Ia6b2fd24fc6fc0eed4a7aa415e264618739e8234
This commit is contained in:
Wiktor Garbacz 2019-12-03 07:58:49 -08:00 committed by Copybara-Service
parent 035965060a
commit ece90e0bda
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sandboxed_api/sandbox2/forkserver.cc
View File

@ -445,7 +445,7 @@ pid_t ForkServer::ServeRequest() {
// We first just fork a child, which will join the initial namespaces
// Note: Not a regular fork() as one really needs to be single-threaded to
// setns and this is not the case with TSAN.
pid_t pid = util::ForkWithFlags(0);
pid_t pid = util::ForkWithFlags(SIGCHLD);
SAPI_RAW_PCHECK(pid != -1, "fork failed");
if (pid == 0) {
SAPI_RAW_PCHECK(setns(initial_userns_fd_, CLONE_NEWUSER) != -1,
@ -572,7 +572,7 @@ void ForkServer::CreateInitialNamespaces() {
int fds[2];
SAPI_RAW_PCHECK(socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != -1,
"creating socket");
pid_t pid = util::ForkWithFlags(CLONE_NEWUSER | CLONE_NEWNS);
pid_t pid = util::ForkWithFlags(CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
SAPI_RAW_PCHECK(pid != -1, "failed to fork initial namespaces process");
char unused = '\0';
if (pid == 0) {