From ec09a8dc8c25ce4f0c7f2d1539baf7a55829f761 Mon Sep 17 00:00:00 2001
From: erdgeist <>
Date: Tue, 5 Mar 2013 17:11:37 +0000
Subject: Only keep filter and process alive, if we can store it in our pid
 table. Only store it in our pid table, if we can add the filter.

---
 jaildaemon.c | 55 +++++++++++++++++++++++++++++--------------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/jaildaemon.c b/jaildaemon.c
index 1c6a86f..1c459c4 100644
--- a/jaildaemon.c
+++ b/jaildaemon.c
@@ -286,7 +286,6 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) {
     struct kevent ke;
     daemon_task * t;
     pid_t pid;
-    size_t i;
 
     if( check_for_jail( t_in->m_jid ) ) {
         syslog( LOG_ERR, "Invalid jail id: %d", t_in->m_jid );
@@ -314,34 +313,38 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) {
     /* Expect reply from fork slave */
     pid = *(pid_t*)g_ipc_packet;
 
-    /* Account for new pid */
-    for( i = 0; i < g_probes_size; ++i )
-        if( !g_probes[i] ) {
-            g_probes[i] = pid;
-            break;
-        }
+   /* Associate pid with command line to execute and add to our kqueue */
+    memset( &ke, 0, sizeof ke );
+    EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t );
+    if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 ) {
+        size_t i;
+
+        /* Account for new pid */
+        for( i = 0; i < g_probes_size; ++i )
+            if( !g_probes[i] ) {
+                g_probes[i] = pid;
+                return 0;
+            }
 
-    /* No space for pid entry => make room */
-    if( i == g_probes_size ) {
-        size_t bytes = sizeof(pid_t) * g_probes_size;
-        pid_t *probes = realloc( g_probes, 4 * bytes );
-        /* If we can not allocate memory, just ignore. Worst case is a defunct
-           probe process in the jail once the daemon dies. Probably the probe
-           will be killed anyway when the kevent below fails, too. */
-        if( probes ) {
-            /* Erase new memory */
-            memset( probes +  g_probes_size, 0, 3 * bytes );
-            probes[g_probes_size] = pid;
-            g_probes_size *= 4;
-            g_probes = probes;
+        /* No space for pid entry => make room */
+        if( i == g_probes_size ) {
+            size_t bytes = sizeof(pid_t) * g_probes_size;
+            pid_t *probes = realloc( g_probes, 4 * bytes );
+            if( probes ) {
+                /* Erase new memory */
+                memset( probes +  g_probes_size, 0, 3 * bytes );
+                probes[g_probes_size] = pid;
+                g_probes_size *= 4;
+                g_probes = probes;
+                return 0;
+            }
         }
-    }
 
-    /* Associate pid with command line to execute and add to our kqueue */
-    memset( &ke, 0, sizeof ke );
-    EV_SET( &ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, t );
-    if( kevent( kq, &ke, 1, NULL, 0, NULL ) == 0 )
-        return 0;
+        /* If we added a kevent filter but failed to store the pid for our
+           house keeping, remove the kqueuei filter again (and kill probe) */
+        EV_SET( &ke, pid, EVFILT_PROC, EV_DELETE, NOTE_EXIT, 0, t );
+        kevent( kq, &ke, 1, NULL, 0, NULL );
+    }
 
     /* Avoid an unused task in the jail. Kill it. */
     warn( "Can not put pid on the kqueue. Killing task." );
-- 
cgit v1.2.3