git.ipfire.org Git - thirdparty/util-linux.git/commit

author	Patrick Steinhardt <ps@pks.im>
	Tue, 10 Apr 2018 11:08:21 +0000 (12:08 +0100)
committer	Karel Zak <kzak@redhat.com>
	Tue, 10 Apr 2018 11:52:21 +0000 (13:52 +0200)
commit	23f54ce77773aa77f578084f2212b9173827fdc1
tree	c2fc07ddba0da2098ac14d734dad5af72c3e08f5	tree \| snapshot
parent	20a480729791f59a4bac0fa5cadffeb4b832f0ec	commit \| diff

setpriv: implement option to set parent death signal

When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will
get notified with a process-defined signal as soon as its parent process
dies. This is for example being used by unshare(1)'s recently added
"--kill-child" option, causing the forked child to be killed as soon as
unshare itself dies.

Unfortunately, some LSMs will cause the parent death signal to be reset
when a process changes credentials, with the most important ones being
SELinux and AppArmor. The following command will thus not work as
expected:

unshare --fork --kill-child setpriv --reuid user <executable>

As soon as setpriv changes UID, the parent death signal is cleared and
the child will never get signalled when unshare gets killed.

Add a new option "--pdeathsig keep|clear|<signal>". Setting this flag
will cause us to either

- restore the previously active parent death signal as soon as the
setpriv has applied all credential changes
- clear the parent death signal
- set the parent death signal to "<signal>"

Furthermore, print out the currently set signal when dumping process
state.

[kzak@redhat.com: - small changes in codding style]

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Karel Zak <kzak@redhat.com>

sys-utils/setpriv.1		diff \| blob \| blame \| history
sys-utils/setpriv.c		diff \| blob \| blame \| history