Re: [Plash] Sending signals to sandboxed processes

plash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Sending signals to sandboxed processes

From:	Mark Seaborn
Subject:	Re: [Plash] Sending signals to sandboxed processes
Date:	Thu, 14 Dec 2006 17:23:04 +0000 (GMT)

Thomas Leonard <address@hidden> wrote:

> I think perhaps I need a sandboxed process polling for a ".killed"
> file, and then killing its whole process group if it finds one. Is
> there an easier way?

A similar approach, but without doing polling, would be to pass a pipe
FD into the sandboxed process, and have it kill the process group when
it receives a message via the pipe.

It depends what you need it for, really.  Is it just for killing a
test case that is taking too long, or is it for killing a malicious
process?

Eventually I would like to switch to using a ptrace()-based monitor
rather than doing setuid() for the sandboxed process.  That would not
have this problem with sending signals.

Mark

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Plash] Sending signals to sandboxed processes, Mark Seaborn <=
- Message not available
  - [Plash] Sending signals to sandboxed processes, Thomas Leonard, 2006/12/14

Next by Date: [Plash] Sending signals to sandboxed processes
Next by thread: [Plash] Sending signals to sandboxed processes
Index(es):
- Date
- Thread