Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
This commit is contained in:
parent
af0f4926da
commit
a648c6f239
@ -2186,7 +2186,7 @@ index 0000000..c69ceda
|
|||||||
+and
|
+and
|
||||||
+.I Thomas Liu <tliu@fedoraproject.org>
|
+.I Thomas Liu <tliu@fedoraproject.org>
|
||||||
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
||||||
index ec692e7..431271f 100644
|
index ec692e7..2718a68 100644
|
||||||
--- a/policycoreutils/sandbox/seunshare.c
|
--- a/policycoreutils/sandbox/seunshare.c
|
||||||
+++ b/policycoreutils/sandbox/seunshare.c
|
+++ b/policycoreutils/sandbox/seunshare.c
|
||||||
@@ -1,27 +1,35 @@
|
@@ -1,27 +1,35 @@
|
||||||
@ -3290,7 +3290,7 @@ index ec692e7..431271f 100644
|
|||||||
+ /* Make sure all child processes exit */
|
+ /* Make sure all child processes exit */
|
||||||
+ kill(-child,SIGTERM);
|
+ kill(-child,SIGTERM);
|
||||||
+
|
+
|
||||||
+ if (execcon && kill)
|
+ if (execcon && kill_all)
|
||||||
+ killall(execcon);
|
+ killall(execcon);
|
||||||
+
|
+
|
||||||
+ if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
|
+ if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
|
||||||
|
@ -356,8 +356,6 @@ fi
|
|||||||
* Wed Jul 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-17
|
* Wed Jul 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-17
|
||||||
- Add -k qualifier to seunshare to have it attempt to kill all processes with
|
- Add -k qualifier to seunshare to have it attempt to kill all processes with
|
||||||
the matching MCS label.
|
the matching MCS label.
|
||||||
sandbox will default to using the -k, if the level was not specified.
|
|
||||||
This is added to make sure all processes are killed with the sandbox exits.
|
|
||||||
|
|
||||||
* Tue Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
|
* Tue Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
|
||||||
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
||||||
|
Loading…
Reference in New Issue
Block a user