-rw-r--r-- | eater.c | 8 | ||||
-rw-r--r-- | seitan.c | 16 |
2 files changed, 23 insertions, 1 deletions
@@ -20,6 +20,7 @@
 #include <sys/prctl.h>
 #include <sys/syscall.h>
 #include <sys/socket.h>
+#include <signal.h>
 #include <linux/audit.h>
 #include <linux/filter.h>
@@ -75,6 +76,8 @@ static int seccomp(unsigned int operation, unsigned int flags, void *args)
 return syscall(__NR_seccomp, operation, flags, args);
 }
+static void signal_handler(__attribute__((unused))int s){}
+
 /**
 * main() - Entry point
 * @argc: Argument count
@@ -87,6 +90,7 @@ int main(int argc, char **argv)
 struct sock_filter filter[1024];
 struct arguments arguments;
 struct sock_fprog prog;
+ struct sigaction act;
 size_t n;
 int fd;
@@ -106,8 +110,10 @@ int main(int argc, char **argv)
 perror("seccomp");
 exit(EXIT_FAILURE);
 }
+ act.sa_handler = signal_handler;
+ sigaction(SIGCONT, &act, NULL);
+ pause();
- connect(0, NULL, 0); /* Wait for seitan to unblock this */
 execvpe(argv[arguments.program_index], &argv[arguments.program_index], environ);
 if (errno != ENOENT) {
@@ -168,6 +168,19 @@ struct table {
 static struct table t[16];
+static int pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
+ unsigned int flags)
+{
+ return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
+}
+
+static void unblock_eater(int pidfd){
+ if (pidfd_send_signal(pidfd, SIGCONT, NULL, 0) == -1) {
+ perror("pidfd_send_signal");
+ exit(EXIT_FAILURE);
+ }
+}
+
 int handle(struct seccomp_notif *req, int notifyfd)
 {
 char path[PATH_MAX + 1];
@@ -259,6 +272,9 @@ int main(int argc, char **argv)
 perror("epoll_ctl: notifier");
 exit(EXIT_FAILURE);
 }
+ /* Unblock seitan-loader */
+ unblock_eater(pidfd);
+
 while(running) {
 nevents = epoll_wait(epollfd, events, EPOLL_EVENTS, -1);
 if (nevents < 0 ) { |
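Review bot: The empty `signal_handler` added before main() has no comment explaining why a do-nothing handler is installed, and `__attribute__((unused))int s){}` runs the attribute, the type and the body together. I would put `/* No-op: installed only so that SIGCONT interrupts the wait in main() */` above it and write the definition as `static void signal_handler(__attribute__((unused)) int s) { }`.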
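Review bot: `act` is declared without an initialiser (in the declaration hunk above) and only `sa_handler` is assigned here, so `sa_mask` and `sa_flags` reach sigaction() as indeterminate stack contents, and sigaction()'s return value is never checked. The wait is also racy against the `unblock_eater(pidfd)` call added to seitan.c: a SIGCONT that arrives before pause() is entered is consumed by the handler (or discarded under the default disposition if it lands before sigaction()), and pause() then never returns. Blocking SIGCONT first and waiting with sigsuspend() closes that window; the block should be set as early in main() as possible, because how seitan is started relative to this process is not visible in the diff. SIGCONT can also be sent by any process permitted to signal this one, so unlike the removed connect() wait, which was apparently released by seitan itself, the release is no longer tied to the supervisor; if that is intended it deserves a comment. main() begins and continues outside the hunk.

```c
	struct sigaction act = { .sa_handler = signal_handler };
	sigset_t block, prev;

	/* … unchanged: rest of main() up to the seccomp() error check … */

	sigemptyset(&act.sa_mask);
	sigemptyset(&block);
	sigaddset(&block, SIGCONT);
	if (sigprocmask(SIG_BLOCK, &block, &prev) == -1 ||
	    sigaction(SIGCONT, &act, NULL) == -1) {
		perror("sigaction");
		exit(EXIT_FAILURE);
	}
	sigsuspend(&prev);	/* unblock SIGCONT and wait in one step */
	sigprocmask(SIG_SETMASK, &prev, NULL);	/* keep the mask out of execvpe() */
```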
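Review bot: The new static wrapper in seitan.c is named `pidfd_send_signal`, the same identifier glibc 2.36 and later declare in `<sys/pidfd.h>`, so the build breaks if that header is ever included here; a project-prefixed name avoids the clash. `static void unblock_eater(int pidfd){` puts the brace on the signature line, unlike the wrapper directly above it; I would write `static void unblock_eater(int pidfd)` followed by `{` on its own line. Neither function carries the kernel-doc header that eater.c uses for main(), and a short one on `unblock_eater` stating that it sends SIGCONT through the pidfd and exits on failure would help. The call site's comment says "seitan-loader" while the function says "eater", so one name should be used in both places.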