2 files changed, 23 insertions, 1 deletions

diff --git a/eater.c b/eater.c
index cd03b44..ad2136e 100644
--- a/eater.c
+++ b/eater.c
@@ -20,6 +20,7 @@
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/socket.h>
+#include <signal.h>
 
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -75,6 +76,8 @@ static int seccomp(unsigned int operation, unsigned int flags, void *args)
 	return syscall(__NR_seccomp, operation, flags, args);
 }
 
+static void signal_handler(__attribute__((unused))int s){}
+
 /**
  * main() - Entry point
  * @argc:	Argument count
@@ -87,6 +90,7 @@ int main(int argc, char **argv)
 	struct sock_filter filter[1024];
 	struct arguments arguments;
 	struct sock_fprog prog;
+	struct sigaction act;
 	size_t n;
 	int fd;
 
@@ -106,8 +110,10 @@ int main(int argc, char **argv)
 		perror("seccomp");
 		exit(EXIT_FAILURE);
 	}
+	act.sa_handler = signal_handler;
+	sigaction(SIGCONT, &act, NULL);
+	pause();
 
-	connect(0, NULL, 0); /* Wait for seitan to unblock this */
 	execvpe(argv[arguments.program_index], &argv[arguments.program_index],
 			environ);
 	if (errno != ENOENT) {
diff --git a/seitan.c b/seitan.c
index b227fc8..6c66593 100644
--- a/seitan.c
+++ b/seitan.c
@@ -168,6 +168,19 @@ struct table {
 
 static struct table t[16];
 
+static int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
+		unsigned int flags)
+{
+	return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
+}
+
+static void unblock_eater(int pidfd){
+	if (pidfd_send_signal(pidfd, SIGCONT, NULL, 0) == -1) {
+		perror("pidfd_send_signal");
+		exit(EXIT_FAILURE);
+	}
+}
+
 int handle(struct seccomp_notif *req, int notifyfd)
 {
 	char path[PATH_MAX + 1];
@@ -259,6 +272,9 @@ int main(int argc, char **argv)
                perror("epoll_ctl: notifier");
                exit(EXIT_FAILURE);
         }
+	/* Unblock seitan-loader */
+	unblock_eater(pidfd);
+
 	while(running) {
 		nevents = epoll_wait(epollfd, events, EPOLL_EVENTS, -1);
 		if (nevents < 0 ) {