diff options
author | Daniel Golle <daniel@makrotopia.org> | 2021-12-10 13:48:59 +0000 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2021-12-11 03:12:08 +0000 |
commit | bb95fe8df7115ab57792369c768927eafc042161 (patch) | |
tree | 70b49e4ea480c94cc298fe2a8517972808b63bc2 /service/instance.c | |
parent | 01ac2c4500cb0c7934640e6d2e5f99b08483bdf4 (diff) | |
download | procd-bb95fe8df7115ab57792369c768927eafc042161.tar.gz |
jail: make sure jailed process is terminated
Don't ever send SIGKILL to ujail, as that will kill ujail but not the
jailed process.
Instead, let ujail send SIGKILL in case of SIGTERM not succeeding after
the term_timeout which procd now passes down to ujail.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'service/instance.c')
-rw-r--r-- | service/instance.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/service/instance.c b/service/instance.c index 748c1e5..9c74265 100644 --- a/service/instance.c +++ b/service/instance.c @@ -288,12 +288,17 @@ instance_gen_setns_argstr(struct blob_attr *attr) static inline int jail_run(struct service_instance *in, char **argv) { + char *term_timeout_str; struct blobmsg_list_node *var; struct jail *jail = &in->jail; int argc = 0; argv[argc++] = UJAIL_BIN_PATH; + asprintf(&term_timeout_str, "%d", in->term_timeout); + argv[argc++] = "-t"; + argv[argc++] = term_timeout_str; + if (jail->name) { argv[argc++] = "-n"; argv[argc++] = jail->name; @@ -867,7 +872,8 @@ instance_stop(struct service_instance *in, bool halt) in->halt = halt; in->restart = in->respawn = false; kill(in->proc.pid, SIGTERM); - uloop_timeout_set(&in->timeout, in->term_timeout * 1000); + if (!in->has_jail) + uloop_timeout_set(&in->timeout, in->term_timeout * 1000); } static void @@ -884,7 +890,8 @@ instance_restart(struct service_instance *in) in->halt = true; in->restart = true; kill(in->proc.pid, SIGTERM); - uloop_timeout_set(&in->timeout, in->term_timeout * 1000); + if (!in->has_jail) + uloop_timeout_set(&in->timeout, in->term_timeout * 1000); } static void @@ -1147,7 +1154,7 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr) blobmsg_parse(jail_attr, __JAIL_ATTR_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr)); - jail->argc = 2; + jail->argc = 4; if (tb[JAIL_ATTR_REQUIREJAIL] && blobmsg_get_bool(tb[JAIL_ATTR_REQUIREJAIL])) { in->require_jail = true; |