[policycoreutils/f15] Change seunshare to send kill signals to the childs session. Also add signal handler to catch sigint
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Jul 7 18:55:09 UTC 2011
commit df863663f2051a5c336f958f731e7dd06c223f8d
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Jul 7 14:54:55 2011 -0400
Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
Add -k qualifier to seunshare to have it attempt to kill all processes with
the matching MCS label.
Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped.
Change --cgroups short name -c rather then -C for consistancy
Fix memory and fd leaks in seunshare
policycoreutils-sandbox.patch | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/policycoreutils-sandbox.patch b/policycoreutils-sandbox.patch
index 254dd89..4fcc345 100644
--- a/policycoreutils-sandbox.patch
+++ b/policycoreutils-sandbox.patch
@@ -382,7 +382,7 @@ diff -up policycoreutils-2.0.86/sandbox/seunshare.c.sandbox policycoreutils-2.0.
+ /* Make sure all child processes exit */
+ kill(-child,SIGTERM);
+
-+ if (execcon && kill)
++ if (execcon && kill_all)
+ killall(execcon);
+
if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
More information about the scm-commits
mailing list