From: Michael Tremer
Date: Tue, 18 Jul 2023 15:50:14 +0000 (+0000)
Subject: jail: Group prctl() calls together
X-Git-Tag: 0.9.29~99
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90503c531401358b26efb4d463ee5c0c8a36d1d0;p=pakfire.git

jail: Group prctl() calls together

Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 2b0f5715f..1adbda033 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -1593,13 +1593,6 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 // Redirect any logging to our log pipe
 pakfire_set_log_callback(jail->pakfire, pakfire_jail_log, &ctx->pipes);
 
- // Die with parent
- r = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
- if (r) {
- ERROR(jail->pakfire, "Could not configure to die with parent: %m\n");
- return 126;
- }
-
 // Fetch my own PID
 pid_t pid = getpid();
 
@@ -1610,7 +1603,26 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 if (r)
 return r;
 
- // Perform further initialization
+ // Die with parent
+ r = prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
+ if (r) {
+ ERROR(jail->pakfire, "Could not configure to die with parent: %m\n");
+ return 126;
+ }
+
+ // Make this process dumpable
+ r = prctl (PR_SET_DUMPABLE, 1, 0, 0, 0);
+ if (r) {
+ ERROR(jail->pakfire, "Could not make the process dumpable: %m\n");
+ return 126;
+ }
+
+ // Don't drop any capabilities on setuid()
+ r = prctl(PR_SET_KEEPCAPS, 1);
+ if (r) {
+ ERROR(jail->pakfire, "Could not set PR_SET_KEEPCAPS: %m\n");
+ return 126;
+ }
 
 // Fetch UID/GID
 uid_t uid = getuid();
@@ -1735,13 +1747,6 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 if (r)
 return r;
 
- // Don't drop any capabilities on execve()
- r = prctl(PR_SET_KEEPCAPS, 1);
- if (r) {
- ERROR(jail->pakfire, "Could not set PR_SET_KEEPCAPS: %m\n");
- return r;
- }
-
 // Set capabilities
 r = pakfire_jail_set_capabilities(jail);
 if (r)
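Review bot: The `prctl (PR_SET_DUMPABLE, 1, 0, 0, 0)` call added in the second hunk has no matching removal in the hunks visible on this page, so it reads as new behaviour in a commit titled as a regrouping, and its comment does not say why the jail child has to be dumpable. Dumpable state governs core dumps, ptrace access checks and ownership of the process's /proc entries, and this process keeps its capabilities via PR_SET_KEEPCAPS right after, so the rationale belongs in the comment, e.g. `// Make this process dumpable because <REASON - placeholder, to be filled in by the author>`. Separately, PR_SET_PDEATHSIG is now armed later than before, and the kernel clears it when the effective or filesystem UID/GID changes; if a setuid() follows outside this hunk (the KEEPCAPS comment suggests one), the setting would need re-arming after it, together with a `getppid()` comparison to catch a parent that has already exited. pakfire_jail_child starts and ends outside the hunk.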