diff options
| author | erdgeist <> | 2013-03-05 17:11:37 +0000 |
|---|---|---|
| committer | erdgeist <> | 2013-03-05 17:11:37 +0000 |
| commit | ec09a8dc8c25ce4f0c7f2d1539baf7a55829f761 (patch) | |
| tree | 32e58c34a637644987f2a882f45f89c0f4102891 | |
| parent | 6538f994c8f4cc9a327e49257b3db6c101b4a4c1 (diff) | |
Only keep filter and process alive, if we can store it in our pid table. Only store it in our pid table, if we can add the filter.
| -rw-r--r-- | jaildaemon.c | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/jaildaemon.c b/jaildaemon.c index 1c6a86f..1c459c4 100644 --- a/jaildaemon.c +++ b/jaildaemon.c | |||
| @@ -286,7 +286,6 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) { | |||
| 286 | struct kevent ke; | 286 | struct kevent ke; |
| 287 | daemon_task * t; | 287 | daemon_task * t; |
| 288 | pid_t pid; | 288 | pid_t pid; |
| 289 | size_t i; | ||
| 290 | 289 | ||
| 291 | if( check_for_jail( t_in->m_jid ) ) { | 290 | if( check_for_jail( t_in->m_jid ) ) { |
| 292 | syslog( LOG_ERR, "Invalid jail id: %d", t_in->m_jid ); | 291 | syslog( LOG_ERR, "Invalid jail id: %d", t_in->m_jid ); |
| @@ -314,34 +313,38 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) { | |||
| 314 | /* Expect reply from fork slave */ | 313 | /* Expect reply from fork slave */ |
| 315 | pid = *(pid_t*)g_ipc_packet; | 314 | pid = *(pid_t*)g_ipc_packet; |
| 316 | 315 | ||
| 317 | /* Account for new pid */ | 316 | /* Associate pid with command line to execute and add to our kqueue */ |
| 318 | for( i = 0; i < g_probes_size; ++i ) | 317 | memset( &ke, 0, sizeof ke ); |
| 319 | if( !g_probes[i] ) { | 318 | EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t ); |
| 320 | g_probes[i] = pid; | 319 | if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 ) { |
| 321 | break; | 320 | size_t i; |
| 322 | } | 321 | |
| 322 | /* Account for new pid */ | ||
| 323 | for( i = 0; i < g_probes_size; ++i ) | ||
| 324 | if( !g_probes[i] ) { | ||
| 325 | g_probes[i] = pid; | ||
| 326 | return 0; | ||
| 327 | } | ||
| 323 | 328 | ||
| 324 | /* No space for pid entry => make room */ | 329 | /* No space for pid entry => make room */ |
| 325 | if( i == g_probes_size ) { | 330 | if( i == g_probes_size ) { |
| 326 | size_t bytes = sizeof(pid_t) * g_probes_size; | 331 | size_t bytes = sizeof(pid_t) * g_probes_size; |
| 327 | pid_t *probes = realloc( g_probes, 4 * bytes ); | 332 | pid_t *probes = realloc( g_probes, 4 * bytes ); |
| 328 | /* If we can not allocate memory, just ignore. Worst case is a defunct | 333 | if( probes ) { |
| 329 | probe process in the jail once the daemon dies. Probably the probe | 334 | /* Erase new memory */ |
| 330 | will be killed anyway when the kevent below fails, too. */ | 335 | memset( probes + g_probes_size, 0, 3 * bytes ); |
| 331 | if( probes ) { | 336 | probes[g_probes_size] = pid; |
| 332 | /* Erase new memory */ | 337 | g_probes_size *= 4; |
| 333 | memset( probes + g_probes_size, 0, 3 * bytes ); | 338 | g_probes = probes; |
| 334 | probes[g_probes_size] = pid; | 339 | return 0; |
| 335 | g_probes_size *= 4; | 340 | } |
| 336 | g_probes = probes; | ||
| 337 | } | 341 | } |
| 338 | } | ||
| 339 | 342 | ||
| 340 | /* Associate pid with command line to execute and add to our kqueue */ | 343 | /* If we added a kevent filter but failed to store the pid for our |
| 341 | memset( &ke, 0, sizeof ke ); | 344 | house keeping, remove the kqueuei filter again (and kill probe) */ |
| 342 | EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t ); | 345 | EV_SET( &ke, pid, EVFILT_PROC, EV_DELETE, NOTE_EXIT, 0, t ); |
| 343 | if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 ) | 346 | kevent( kq, &ke, 1, NULL, 0, NULL ); |
| 344 | return 0; | 347 | } |
| 345 | 348 | ||
| 346 | /* Avoid an unused task in the jail. Kill it. */ | 349 | /* Avoid an unused task in the jail. Kill it. */ |
| 347 | warn( "Can not put pid on the kqueue. Killing task." ); | 350 | warn( "Can not put pid on the kqueue. Killing task." ); |