Add support for resetting signal masks
By default, child process will inherit signal masks (blocked signals)
from its parent process. Once the signal is blocked, the child process
will not be able to receive notifications for those signals.
Some parent processes (such as system daemons implemented using
brillo::Daemon) will block signals such as SIGTERM and SIGINT, so that
they can use signalfd to monitor those signals instead. In this case,
the child process will not be able to receive notification for these
signals.
To fix it, allow the caller to specify a flag to indicate if child
process should reset the signal mask or not.
Bug: None
BUG=chrome-os-partner:47785
TEST=Manual test
Change-Id: I7d32c50e67af0dadbfeca8316f85b9a542e952c0
diff --git a/libminijail.c b/libminijail.c
index a29ebdf..3a03955 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -108,6 +108,7 @@
int do_init:1;
int pid_file:1;
int alt_syscall:1;
+ int reset_signal_mask:1;
} flags;
uid_t uid;
gid_t gid;
@@ -308,6 +309,10 @@
j->flags.caps = 1;
}
+void API minijail_reset_signal_mask(struct minijail* j) {
+ j->flags.reset_signal_mask = 1;
+}
+
void API minijail_namespace_vfs(struct minijail *j)
{
j->flags.vfs = 1;
@@ -1696,6 +1701,14 @@
}
free(oldenv_copy);
+ if (j->flags.reset_signal_mask) {
+ sigset_t signal_mask;
+ if (sigemptyset(&signal_mask) != 0)
+ pdie("sigemptyset failed");
+ if (sigprocmask(SIG_SETMASK, &signal_mask, NULL) != 0)
+ pdie("sigprocmask failed");
+ }
+
if (j->flags.userns)
enter_user_namespace(j, userns_pipe_fds);
diff --git a/libminijail.h b/libminijail.h
index 80bffc0..ecc385a 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -53,6 +53,7 @@
void minijail_parse_seccomp_filters(struct minijail *j, const char *path);
void minijail_log_seccomp_filter_failures(struct minijail *j);
void minijail_use_caps(struct minijail *j, uint64_t capmask);
+void minijail_reset_signal_mask(struct minijail *j);
void minijail_namespace_vfs(struct minijail *j);
void minijail_namespace_enter_vfs(struct minijail *j, const char *ns_path);
void minijail_namespace_ipc(struct minijail *j);