Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / minijail / 38209f96a2c78501f76f547617eb70a3d01706e4^1..38209f96a2c78501f76f547617eb70a3d01706e4 / .
commit38209f96a2c78501f76f547617eb70a3d01706e4[log] [tgz]
authorStephen Barber <smbarber@chromium.org>Fri Oct 20 21:15:48 2017 +0000
committerandroid-build-merger <android-build-merger@google.com>Fri Oct 20 21:15:48 2017 +0000
tree052d368a2ba1868c8d0303fccdf0b06e24f01e77
parent9d77ca7adc2c2475d93c1671134d2521e809e1ad [diff]
parentaaf65feb587ee6caf5afbcf7e1c7aa53f981dc48 [diff]
move setpgid() from libminijail to minijail0 am: 5dd5b1bda5 am: d7b2b7f427 am: 06c0833203
am: aaf65feb58

Change-Id: I55ba927ab7b254778db3d0d223a04ef760f794d4

diff --git a/libminijail.c b/libminijail.c
index 9ae1c87..b6e2b1b 100644
--- a/libminijail.c
+++ b/libminijail.c

@@ -2434,23 +2434,6 @@
 		}
 	}
 
-	/*
-	 * Make the process group ID of this process equal to its PID.
-	 * In the non-interactive case (e.g. when the parent process is started
-	 * from init) this ensures the parent process and the jailed process
-	 * can be killed together.
-	 * When the parent process is started from the console this ensures
-	 * the call to setsid(2) in the jailed process succeeds.
-	 *
-	 * Don't fail on EPERM, since setpgid(0, 0) can only EPERM when
-	 * the process is already a process group leader.
-	 */
-	if (setpgid(0 /* use calling PID */, 0 /* make PGID = PID */)) {
-		if (errno != EPERM) {
-			pdie("setpgid(0, 0) failed");
-		}
-	}
-
 	if (use_preload) {
 		/*
 		 * Before we fork(2) and execve(2) the child process, we need
@@ -2727,6 +2710,9 @@
 	 * This prevents the jailed process from using the TIOCSTI ioctl
 	 * to push characters into the parent process terminal's input buffer,
 	 * therefore escaping the jail.
+	 *
+	 * Since it has just forked, the child will not be a process group
+	 * leader, and this call to setsid() should always succeed.
 	 */
 	if (isatty(STDIN_FILENO) || isatty(STDOUT_FILENO) ||
 	    isatty(STDERR_FILENO)) {

diff --git a/minijail0.c b/minijail0.c
index a3ae623..0fdb05a 100644
--- a/minijail0.c
+++ b/minijail0.c

@@ -4,6 +4,7 @@
  */
 
 #include <dlfcn.h>
+#include <errno.h>
 #include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -713,6 +714,22 @@
 	argc -= consumed;
 	argv += consumed;
 
+	/*
+	 * Make the process group ID of this process equal to its PID.
+	 * In the non-interactive case (e.g. when minijail0 is started from
+	 * init) this ensures the parent process and the jailed process
+	 * can be killed together.
+	 *
+	 * Don't fail on EPERM, since setpgid(0, 0) can only EPERM when
+	 * the process is already a process group leader.
+	 */
+	if (setpgid(0 /* use calling PID */, 0 /* make PGID = PID */)) {
+		if (errno != EPERM) {
+			fprintf(stderr, "setpgid(0, 0) failed\n");
+			exit(1);
+		}
+	}
+
 	if (elftype == ELFSTATIC) {
 		/*
 		 * Target binary is statically linked so we cannot use