diff options
author | erdgeist <> | 2013-03-05 17:11:37 +0000 |
---|---|---|
committer | erdgeist <> | 2013-03-05 17:11:37 +0000 |
commit | ec09a8dc8c25ce4f0c7f2d1539baf7a55829f761 (patch) | |
tree | 32e58c34a637644987f2a882f45f89c0f4102891 /jaildaemon.c | |
parent | 6538f994c8f4cc9a327e49257b3db6c101b4a4c1 (diff) |
Only keep filter and process alive, if we can store it in our pid table. Only store it in our pid table, if we can add the filter.
Diffstat (limited to 'jaildaemon.c')
-rw-r--r-- | jaildaemon.c | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/jaildaemon.c b/jaildaemon.c index 1c6a86f..1c459c4 100644 --- a/jaildaemon.c +++ b/jaildaemon.c | |||
@@ -286,7 +286,6 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) { | |||
286 | struct kevent ke; | 286 | struct kevent ke; |
287 | daemon_task * t; | 287 | daemon_task * t; |
288 | pid_t pid; | 288 | pid_t pid; |
289 | size_t i; | ||
290 | 289 | ||
291 | if( check_for_jail( t_in->m_jid ) ) { | 290 | if( check_for_jail( t_in->m_jid ) ) { |
292 | syslog( LOG_ERR, "Invalid jail id: %d", t_in->m_jid ); | 291 | syslog( LOG_ERR, "Invalid jail id: %d", t_in->m_jid ); |
@@ -314,34 +313,38 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) { | |||
314 | /* Expect reply from fork slave */ | 313 | /* Expect reply from fork slave */ |
315 | pid = *(pid_t*)g_ipc_packet; | 314 | pid = *(pid_t*)g_ipc_packet; |
316 | 315 | ||
317 | /* Account for new pid */ | 316 | /* Associate pid with command line to execute and add to our kqueue */ |
318 | for( i = 0; i < g_probes_size; ++i ) | 317 | memset( &ke, 0, sizeof ke ); |
319 | if( !g_probes[i] ) { | 318 | EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t ); |
320 | g_probes[i] = pid; | 319 | if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 ) { |
321 | break; | 320 | size_t i; |
322 | } | 321 | |
322 | /* Account for new pid */ | ||
323 | for( i = 0; i < g_probes_size; ++i ) | ||
324 | if( !g_probes[i] ) { | ||
325 | g_probes[i] = pid; | ||
326 | return 0; | ||
327 | } | ||
323 | 328 | ||
324 | /* No space for pid entry => make room */ | 329 | /* No space for pid entry => make room */ |
325 | if( i == g_probes_size ) { | 330 | if( i == g_probes_size ) { |
326 | size_t bytes = sizeof(pid_t) * g_probes_size; | 331 | size_t bytes = sizeof(pid_t) * g_probes_size; |
327 | pid_t *probes = realloc( g_probes, 4 * bytes ); | 332 | pid_t *probes = realloc( g_probes, 4 * bytes ); |
328 | /* If we can not allocate memory, just ignore. Worst case is a defunct | 333 | if( probes ) { |
329 | probe process in the jail once the daemon dies. Probably the probe | 334 | /* Erase new memory */ |
330 | will be killed anyway when the kevent below fails, too. */ | 335 | memset( probes + g_probes_size, 0, 3 * bytes ); |
331 | if( probes ) { | 336 | probes[g_probes_size] = pid; |
332 | /* Erase new memory */ | 337 | g_probes_size *= 4; |
333 | memset( probes + g_probes_size, 0, 3 * bytes ); | 338 | g_probes = probes; |
334 | probes[g_probes_size] = pid; | 339 | return 0; |
335 | g_probes_size *= 4; | 340 | } |
336 | g_probes = probes; | ||
337 | } | 341 | } |
338 | } | ||
339 | 342 | ||
340 | /* Associate pid with command line to execute and add to our kqueue */ | 343 | /* If we added a kevent filter but failed to store the pid for our |
341 | memset( &ke, 0, sizeof ke ); | 344 | house keeping, remove the kqueuei filter again (and kill probe) */ |
342 | EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t ); | 345 | EV_SET( &ke, pid, EVFILT_PROC, EV_DELETE, NOTE_EXIT, 0, t ); |
343 | if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 ) | 346 | kevent( kq, &ke, 1, NULL, 0, NULL ); |
344 | return 0; | 347 | } |
345 | 348 | ||
346 | /* Avoid an unused task in the jail. Kill it. */ | 349 | /* Avoid an unused task in the jail. Kill it. */ |
347 | warn( "Can not put pid on the kqueue. Killing task." ); | 350 | warn( "Can not put pid on the kqueue. Killing task." ); |