Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/bin/pid-ns-init
Commit message (Collapse)AuthorAgeFilesLines
* pid-ns-init: Fix typo in comment.Arfrever Frehtes Taifersar Arahesis2019-09-141-1/+1
| | | | | Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-sandbox: handle EnvironmentError for python2 compat (bug 675868)Zac Medico2019-01-281-2/+2
| | | | | | | | | | The fcntl.ioctl call raises IOError, which is different from OSError for python2. Use EnvironmentError for compatibility. Bug: https://bugs.gentoo.org/675868 Reported-by: Ivan Ivanich <ivanich@ivanich.org.ua> Fixes: ce0656337268 ("pid-sandbox: pid-ns-init TIOCSCTTY after setsid (bug 675868)") Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-sandbox: pid-ns-init TIOCSCTTY after setsid (bug 675868)Zac Medico2019-01-271-0/+13
| | | | | | | | | Set the controlling terminal to the stdout pty after calling setsid, in order to avoid "No such device or address" ENXIO errors when attempting to open /dev/tty. Bug: https://bugs.gentoo.org/675868 Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-sandbox: run pid-ns-init as root (bug 675868)Arfrever Frehtes Taifersar Arahesis2019-01-221-19/+30
| | | | | | | | | | Drop permissions only for subprocess of pid-ns-init but not pid-ns-init itself. With FEATURES="pid-sandbox userpriv", pid-ns-init should be run with unchanged permissions (usually UID=0, GID=0). Bug: https://bugs.gentoo.org/675868 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-sandbox: pid-ns-init setsid support (bug 675870)Zac Medico2019-01-221-3/+13
| | | | | | | | | Use setsid to isolate the parent process from signals sent to the process group, and forward signals to the entire process group with kill(0, signum). Bug: https://bugs.gentoo.org/675870 Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-ns-init: fix child process signal disposition (bug 675828)Zac Medico2019-01-201-6/+33
| | | | | | | | | | | | | Use subprocess.Popen to correctly configure the signal disposition of the child process, since os.fork leaves the signal disposition in a state which may be inappropriate for various signals including SIGPIPE, SIGQUIT, SIGTERM, and SIGINT. For python implementations other that CPython >= 3, use preexec_fn to manually configure the signal disposition (I have found that this is necessary for CPython 2.7 and all PyPy versions tested, including PyPy3). Bug: https://bugs.gentoo.org/675828 Signed-off-by: Zac Medico <zmedico@gentoo.org>
* pid-sandbox: execute pid-ns-init as pid 1 (bug 675312)Zac Medico2019-01-141-4/+40
| | | | | | | | | | | | | | Execute pid-ns-init as the first fork after unshare, as required for it to have pid 1 and become the default reaper of orphaned descendant processes. In _exec, exec a separate pid-ns-init process to behave as a supervisor which will forward signals to init and forward exit status to the parent process. Fixes: a75d5546e3a4 ("Introduce a tiny init replacement for inside pid namespace") Bug: https://bugs.gentoo.org/675312 Reviewed-by: Brian Dolbec <dolsen@gentoo.org> Signed-off-by: Zac Medico <zmedico@gentoo.org>
* Introduce a tiny init replacement for inside pid namespaceMichał Górny2018-11-181-0/+30
Reviewed-by: Zac Medico <zmedico@gentoo.org> Signed-off-by: Michał Górny <mgorny@gentoo.org>