[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Plash] Re: Sending signals to sandboxed processes
|
From: |
Thomas Leonard |
|
Subject: |
[Plash] Re: Sending signals to sandboxed processes |
|
Date: |
Sun, 13 Feb 2011 16:19:13 +0000 |
On 19 November 2006 20:40, Thomas Leonard <address@hidden> wrote:
> Is there any way to send a signal (e.g. SIGTERM) to a plash process
> from outside the sandbox?
>
> Sending signals via the tty (^C etc) works fine, but sending using
> kill(2) doesn't seem to be possible (presumably because all the uids
> are different).
Would it be possible to use clone(2) with CLONE_NEWPID to get this behaviour?
Then the sandboxed processes would run with the same UID as the user,
but they can only send signals within the sandbox because PIDs are
unique to the sandbox. e.g. within the sandbox, the top-level process
is PID 1. Outside of the sandbox, it has a different PID and can be
killed by the user with no special privileges. This also allows
processes to see a restricted view of /proc.
--
Dr Thomas Leonard http://0install.net/
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Plash] Re: Sending signals to sandboxed processes,
Thomas Leonard <=