Change seunshare to send kill signals to the childs session.

Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:53:37 -04:00 · 2011-07-07 14:53:37 -04:00 · a648c6f239
commit a648c6f239
parent af0f4926da
2 changed files with 2 additions and 4 deletions
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -2186,7 +2186,7 @@ index 0000000..c69ceda
 +and
 +.I Thomas Liu <tliu@fedoraproject.org>
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..431271f 100644
+index ec692e7..2718a68 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
@@ -1,27 +1,35 @@
@ -3290,7 +3290,7 @@ index ec692e7..431271f 100644
 +	/* Make sure all child processes exit */
 +	kill(-child,SIGTERM);
 +
-+	if (execcon && kill)
+	if (execcon && kill_all)
 +		killall(execcon);
 +
 +	if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -356,8 +356,6 @@ fi
 * Wed Jul 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-17
 - Add -k qualifier to seunshare to have it attempt to kill all processes with 
 the matching MCS label.
-sandbox will default to using the -k, if the level was not specified.
-This is added to make sure all processes are killed with the sandbox exits.

 * Tue Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
 - Add -C option to sandbox and seunshare to maintain capabilities, otherwise