ujail: send SIGKILL to jail process if SIGTERM fails

[project/procd.git] / jail / jail.c

diff --git a/jail/jail.c b/jail/jail.c
index e42525484779cefe341f2142d805810174370224..834d67771d4606427254afd88068b3cc9ed78583 100644 (file)
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -244,7 +244,7 @@ static int exec_jail(void *_notused)
                exit(EXIT_FAILURE);
        }
 
-       if (opts.namespace && opts.hostname
+       if (opts.namespace && opts.hostname && strlen(opts.hostname) > 0
                        && sethostname(opts.hostname, strlen(opts.hostname))) {
                ERROR("sethostname(%s) failed: %s\n", opts.hostname, strerror(errno));
                exit(EXIT_FAILURE);
@@ -269,8 +269,14 @@ static int exec_jail(void *_notused)
 static int jail_running = 1;
 static int jail_return_code = 0;
 
+static void jail_process_timeout_cb(struct uloop_timeout *t);
+static struct uloop_timeout jail_process_timeout = {
+       .cb = jail_process_timeout_cb,
+};
+
 static void jail_process_handler(struct uloop_process *c, int ret)
 {
+       uloop_timeout_cancel(&jail_process_timeout);
        if (WIFEXITED(ret)) {
                jail_return_code = WEXITSTATUS(ret);
                INFO("jail (%d) exited with exit: %d\n", c->pid, jail_return_code);
@@ -286,6 +292,12 @@ static struct uloop_process jail_process = {
        .cb = jail_process_handler,
 };
 
+static void jail_process_timeout_cb(struct uloop_timeout *t)
+{
+       DEBUG("jail process failed to stop, sending SIGKILL\n");
+       kill(jail_process.pid, SIGKILL);
+}
+
 int main(int argc, char **argv)
 {
        uid_t uid = getuid();
@@ -386,9 +398,10 @@ int main(int argc, char **argv)
 
        uloop_init();
        if (opts.namespace) {
-               jail_process.pid = clone(exec_jail,
-                       child_stack + STACK_SIZE,
-                       CLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD, NULL);
+               int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD;
+               if (opts.hostname)
+                       flags |= CLONE_NEWUTS;
+               jail_process.pid = clone(exec_jail, child_stack + STACK_SIZE, flags, NULL);
        } else {
                jail_process.pid = fork();
        }
@@ -397,12 +410,13 @@ int main(int argc, char **argv)
                /* parent process */
                uloop_process_add(&jail_process);
                uloop_run();
-               uloop_done();
                if (jail_running) {
                        DEBUG("uloop interrupted, killing jail process\n");
                        kill(jail_process.pid, SIGTERM);
-                       waitpid(jail_process.pid, NULL, 0);
+                       uloop_timeout_set(&jail_process_timeout, 1000);
+                       uloop_run();
                }
+               uloop_done();
                return jail_return_code;
        } else if (jail_process.pid == 0) {
                /* fork child process */