Skip to content

Commit

Permalink
refs #23: Prevent self-interrupt of the sandbox.
Browse files Browse the repository at this point in the history
  • Loading branch information
@achimnol
achimnol committed Feb 15, 2017
1 parent 7d50307 commit 6edd21f
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 8 deletions.
4 changes: 2 additions & 2 deletions bin/jail
View file
Git LFS file not shown
14 changes: 8 additions & 6 deletions jail/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -313,23 +313,25 @@ loop:
case id_Tgkill:
targetTgid := int(regs.Rdi)
targetTid := int(regs.Rsi)
signum := uint(regs.Rdx)
if signum == uint(syscall.SIGKILL) {
signum := syscall.Signal(uint(regs.Rdx))
switch signum {
case syscall.SIGKILL, syscall.SIGINT, syscall.SIGTERM:
allow = (targetTgid != os.Getpid() &&
targetTid != pid &&
targetTid != os.Getpid() &&
targetTid != 1)
} else {
default:
allow = true
}
case id_Kill, id_Killpg, id_Tkill:
targetPid := int(regs.Rdi)
signum := uint(regs.Rsi)
if signum == uint(syscall.SIGKILL) {
signum := syscall.Signal(uint(regs.Rsi))
switch signum {
case syscall.SIGKILL, syscall.SIGINT, syscall.SIGTERM:
allow = (targetPid != pid &&
targetPid != os.Getpid() &&
targetPid != 1)
} else {
default:
allow = true
}
case id_Execve:
Expand Down

0 comments on commit 6edd21f

Please sign in to comment.