commit 5e5e784c7f1a02c7431a15c57ff3dd3ba389b9ae
author Peter Qiu <zqiu@google.com> Thu Dec 17 22:39:57 2015 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Dec 17 22:39:57 2015 +0000
tree 099e13df7ad9c7288c32211b3fa54b33164c317a
parent c0b6958a05bf1a2cb221bcc3dc79acd3cbd20004
parent 2860c4693ea5f40b44e4b2eb2f0b6970ffcd7f27

Merge "Add support for resetting signal masks"

libminijail.c

diff --git a/libminijail.c b/libminijail.c
index a29ebdf..3a03955 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -108,6 +108,7 @@
 		int do_init:1;
 		int pid_file:1;
 		int alt_syscall:1;
+		int reset_signal_mask:1;
 	} flags;
 	uid_t uid;
 	gid_t gid;
@@ -308,6 +309,10 @@
 	j->flags.caps = 1;
 }
 
+void API minijail_reset_signal_mask(struct minijail* j) {
+	j->flags.reset_signal_mask = 1;
+}
+
 void API minijail_namespace_vfs(struct minijail *j)
 {
 	j->flags.vfs = 1;
@@ -1696,6 +1701,14 @@
 	}
 	free(oldenv_copy);
 
+	if (j->flags.reset_signal_mask) {
+		sigset_t signal_mask;
+		if (sigemptyset(&signal_mask) != 0)
+			pdie("sigemptyset failed");
+		if (sigprocmask(SIG_SETMASK, &signal_mask, NULL) != 0)
+			pdie("sigprocmask failed");
+	}
+
 	if (j->flags.userns)
 		enter_user_namespace(j, userns_pipe_fds);
 

libminijail.h

diff --git a/libminijail.h b/libminijail.h
index 80bffc0..ecc385a 100644
--- a/libminijail.h
+++ b/libminijail.h
@@ -53,6 +53,7 @@
 void minijail_parse_seccomp_filters(struct minijail *j, const char *path);
 void minijail_log_seccomp_filter_failures(struct minijail *j);
 void minijail_use_caps(struct minijail *j, uint64_t capmask);
+void minijail_reset_signal_mask(struct minijail *j);
 void minijail_namespace_vfs(struct minijail *j);
 void minijail_namespace_enter_vfs(struct minijail *j, const char *ns_path);
 void minijail_namespace_ipc(struct minijail *j);