From 23f54ce77773aa77f578084f2212b9173827fdc1 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Tue, 10 Apr 2018 12:08:21 +0100
Subject: setpriv: implement option to set parent death signal

When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will get notified with a process-defined signal as soon as its parent process dies. This is for example being used by unshare(1)'s recently added "--kill-child" option, causing the forked child to be killed as soon as unshare itself dies.

Unfortunately, some LSMs will cause the parent death signal to be reset when a process changes credentials, with the most important ones being SELinux and AppArmor. The following command will thus not work as expected:

    unshare --fork --kill-child setpriv --reuid user

As soon as setpriv changes UID, the parent death signal is cleared and the child will never get signalled when unshare gets killed.

Add a new option "--pdeathsig keep|clear|". Setting this flag will cause us to either

- restore the previously active parent death signal as soon as setpriv has applied all credential changes
- clear the parent death signal
- set the parent death signal to ""

Furthermore, print out the currently set signal when dumping process state.

[kzak@redhat.com: - small changes in coding style]

Signed-off-by: Patrick Steinhardt
Signed-off-by: Karel Zak
---
 sys-utils/setpriv.1 | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'sys-utils/setpriv.1')

diff --git a/sys-utils/setpriv.1 b/sys-utils/setpriv.1
index b900f6e08..f989bf33c 100644
--- a/sys-utils/setpriv.1
+++ b/sys-utils/setpriv.1
@@ -139,6 +139,12 @@ is cleared by .BR execve (2) and is therefore not allowed. .TP +.BR "\-\-pdeathsig keep" | clear | +Keep, clear or set the parent death signal. Some LSMs, most notably SELinux and +AppArmor, clear the signal when the process' credentials change. Using +\fB--pdeathsig keep\fR will restore the parent death signal after changing +credentials to remedy that situation. +.TP .BI \-\-selinux\-label " label" Request a particular SELinux transition (using a transition on exec, not dyntrans). This will fail and cause -- cgit v1.2.3-55-g7522
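Review bot: the third alternative of the new option is not documented in this hunk: the `.BR "\-\-pdeathsig keep" | clear |` line trails off after the second `|`, and the description only says "Keep, clear or set the parent death signal" without stating what form the set value takes or what the option does when a value is given. Please add the argument to the `.BR` line and a sentence on accepted values so the man page matches the behaviour described in the commit message; it would also help readers to state that `keep` restores the signal that was in effect when setpriv started, once all credential changes have been applied. Minor style point: the body text uses `\fB--pdeathsig keep\fR` with plain `--`, while the option line and the neighbouring `.BI \-\-selinux\-label` use escaped `\-\-`; use `\fB\-\-pdeathsig keep\fR` so the dashes render consistently.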