minijail: Set new process group ID.
By setting a new process group ID (PGID) in Minijail, we can then kill
both the Minijail process and the jailed process. Before, daemons like
debugd were killing only the Minijail process, which doesn't stop the
jailed process.
BUG=chromium:486219
TEST='minijail0 -- /usr/bin/yes'
TEST='ps axj' shows |minijail0| and |yes| with the same PGID.
Change-Id: Ibc82948aeedd560c08c182194723ccd53ec9b764
Reviewed-on: https://chromium-review.googlesource.com/271327
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Samuel Tan <samueltan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/libminijail.c b/libminijail.c
index 92a6e70..0dab24d 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -1044,6 +1044,19 @@
return -EFAULT;
/*
+ * Make the process group ID of this process equal to its PID, so that
+ * both the Minijail process and the jailed process can be killed
+ * together.
+ * Don't fail on EPERM, since setpgid(0, 0) can only EPERM when
+ * the process is already a process group leader.
+ */
+ if (setpgid(0 /* use calling PID */, 0 /* make PGID = PID */)) {
+ if (errno != EPERM) {
+ pdie("setpgid(0, 0)");
+ }
+ }
+
+ /*
* Before we fork(2) and execve(2) the child process, we need to open
* a pipe(2) to send the minijail configuration over.
*/