From a648c6f239252282cd213e9a17887b5ffaf8c15c Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 7 Jul 2011 14:53:37 -0400
Subject: [PATCH] Change seunshare to send kill signals to the childs session. Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
---
 policycoreutils-rhat.patch | 4 ++--
 policycoreutils.spec | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 986eff0..0cbf513 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2186,7 +2186,7 @@ index 0000000..c69ceda
 +and
 +.I Thomas Liu
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..431271f 100644
+index ec692e7..2718a68 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
 @@ -1,27 +1,35 @@
@@ -3290,7 +3290,7 @@ index ec692e7..431271f 100644
 + /* Make sure all child processes exit */
 + kill(-child,SIGTERM);
 +
-+ if (execcon && kill)
++ if (execcon && kill_all)
 + killall(execcon);
 +
 + if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 365c37e..7eb97f1 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -356,8 +356,6 @@ fi * Wed Jul 6 2011 Dan Walsh 2.0.86-17 - Add -k qualifier to seunshare to have it attempt to kill all processes with the matching MCS label. -sandbox will default to using the -k, if the level was not specified. -This is added to make sure all processes are killed with the sandbox exits. * Tue Jul 5 2011 Dan Walsh 2.0.86-16 - Add -C option to sandbox and seunshare to maintain capabilities, otherwise
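Review bot: In the seunshare.c cleanup path carried by policycoreutils-rhat.patch (hunk at -3290), `kill(-child,SIGTERM);` is the only termination step that always runs now that `killall(execcon)` is gated on `kill_all`. Its result is ignored, and the code goes straight on to `cleanup_tmpdir(...)`. A sandboxed process can catch or ignore SIGTERM, so without -k it may still be running, and still writing into the temporary directories, while they are cleaned up. I would at least report failures with `if (kill(-child, SIGTERM) < 0 && errno != ESRCH) perror("kill");`, and add a bounded wait followed by `kill(-child, SIGKILL);` before the cleanup call. The enclosing function starts and ends outside the hunk, so a later wait or escalation may exist that is not visible here; it would also be worth confirming that `child` is always a positive pid when this line is reached.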