[PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 450 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.

The comment in your patch says sandbox will default to -K, this is not
true, the patch is fine though.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5yVesACgkQrlYvE4MpobMfuACgynaP1XdCWq1mk5PgZu6KfDQ5
AwMAnjhvqu8K0NUM4cDXBGIIf8bTbbjT
=XMYr
-----END PGP SIGNATURE-----

[-- Attachment #2: 0035-policycoreutils-sandbox-FIXME-add-level-based-kill-o.patch --]
[-- Type: text/plain, Size: 0 bytes --]

Re: [PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[Guido Trentalancia]

On Thu, 2011-09-15 at 15:45 -0400, Daniel J Walsh wrote:
> @@ -941,6 +1011,9 @@ childerr:
>         waitpid(child, &status, 0);
>         status_to_retval(status, status);
>  
> +       if (execcon && kill_all)
> +               killall(execcon);
> +
>         if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
>  
>  err: 

Was it not just "kill" instead of "kill_all" ?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[Guido Trentalancia]

On Fri, 2011-09-16 at 06:49 +0200, Guido Trentalancia wrote:
> On Thu, 2011-09-15 at 15:45 -0400, Daniel J Walsh wrote:
> > @@ -941,6 +1011,9 @@ childerr:
> >         waitpid(child, &status, 0);
> >         status_to_retval(status, status);
> >  
> > +       if (execcon && kill_all)
> > +               killall(execcon);
> > +
> >         if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
> >  
> >  err: 
> 
> Was it not just "kill" instead of "kill_all" ?

I just realised that variable is going to get renamed in another patch
([PATCH 36/67] policycoreutils: sandbox: cntrl-c should kill entire). So
I think this patch requires 36/67, that's it but was not evident at
first sight.

Guido


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/16/2011 01:33 AM, Guido Trentalancia wrote:
> On Fri, 2011-09-16 at 06:49 +0200, Guido Trentalancia wrote:
>> On Thu, 2011-09-15 at 15:45 -0400, Daniel J Walsh wrote:
>>> @@ -941,6 +1011,9 @@ childerr: waitpid(child, &status, 0); 
>>> status_to_retval(status, status);
>>> 
>>> +       if (execcon && kill_all) +
>>> killall(execcon); + if (tmpdir_r) cleanup_tmpdir(tmpdir_r,
>>> tmpdir_s, pwd, 1);
>>> 
>>> err:
>> 
>> Was it not just "kill" instead of "kill_all" ?
> 
> I just realised that variable is going to get renamed in another
> patch ([PATCH 36/67] policycoreutils: sandbox: cntrl-c should kill
> entire). So I think this patch requires 36/67, that's it but was
> not evident at first sight.
> 
> Guido
> 
kill  would conflict with the function kill.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5zXMsACgkQrlYvE4MpobP5twCdFv8PeXU5xxUK8jVlDh4AEGpC
jjQAnRsPrMSo0umWF4NeSO/+0iKg64TB
=DEO6
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 35/67] policycoreutils: sandbox: FIXME add level based kill

[Eric Paris]

On Fri, 2011-09-16 at 07:33 +0200, Guido Trentalancia wrote:
> On Fri, 2011-09-16 at 06:49 +0200, Guido Trentalancia wrote:
> > On Thu, 2011-09-15 at 15:45 -0400, Daniel J Walsh wrote:
> > > @@ -941,6 +1011,9 @@ childerr:
> > >         waitpid(child, &status, 0);
> > >         status_to_retval(status, status);
> > >  
> > > +       if (execcon && kill_all)
> > > +               killall(execcon);
> > > +
> > >         if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
> > >  
> > >  err: 
> > 
> > Was it not just "kill" instead of "kill_all" ?
> 
> I just realised that variable is going to get renamed in another patch
> ([PATCH 36/67] policycoreutils: sandbox: cntrl-c should kill entire). So
> I think this patch requires 36/67, that's it but was not evident at
> first sight.

Thanks, mistake on my part.  Will move the required change from patch
#36 into patch #35 before committing.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.