From: Michael Tremer Date: Thu, 6 Feb 2025 20:50:57 +0000 (+0000) Subject: jail: Listen to SIGTERM and terminate the jail X-Git-Tag: 0.9.30~107 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d3064a4aa8472cb72324c91a9446854348610ed2;p=pakfire.git jail: Listen to SIGTERM and terminate the jail Signed-off-by: Michael Tremer --- diff --git a/src/pakfire/jail.c b/src/pakfire/jail.c index 113b9a06..0d7e1d42 100644 --- a/src/pakfire/jail.c +++ b/src/pakfire/jail.c @@ -910,8 +910,31 @@ static int pakfire_jail_wait_for_signal(struct pakfire_jail* jail, int fd) { } // This is only to block the signal -static int pakfire_jail_SIGCHLD(sd_event_source* source, - const struct signalfd_siginfo* si, void* data) { +static int pakfire_jail_SIGCHLD( + sd_event_source* source, const struct signalfd_siginfo* si, void* data) { + return 0; +} + +static int pakfire_jail_SIGTERM( + sd_event_source* source, const struct signalfd_siginfo* si, void* data) { + struct pakfire_jail_exec* ctx = data; + struct pakfire_jail* self = ctx->jail; + int r; + + // Log action + DEBUG(self->ctx, "Received SIGTERM\n"); + + // Fail if we don't have a PID file descriptor + if (ctx->pidfd < 0) + return -ENOTSUP; + + // Send a signal to the child process + r = pidfd_send_signal(ctx->pidfd, SIGKILL, NULL, 0); + if (r < 0) { + ERROR(self->ctx, "Could not terminate jail: %m\n"); + return -errno; + } + return 0; } @@ -1361,9 +1384,17 @@ static int __pakfire_jail_exec(struct pakfire_jail* jail, // Listen for SIGCHLD r = sd_event_add_signal(ctx.loop, NULL, SIGCHLD|SD_EVENT_SIGNAL_PROCMASK, - pakfire_jail_SIGCHLD, NULL); + pakfire_jail_SIGCHLD, NULL); + if (r < 0) { + ERROR(jail->ctx, "Failed to register SIGCHLD: %s\n", strerror(-r)); + goto ERROR; + } + + // Listen for SIGTERM + r = sd_event_add_signal(ctx.loop, NULL, SIGTERM|SD_EVENT_SIGNAL_PROCMASK, + pakfire_jail_SIGTERM, &ctx); if (r < 0) { - ERROR(jail->ctx, "Could not register handling SIGCHLD: %s\n", strerror(-r)); + ERROR(jail->ctx, "Failed to register SIGTERM: %s\n", strerror(-r)); goto ERROR; }