kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

commit a6677b873f2a521c1f03d54ce200b15ed7ca96ac
parent 1af0772ebe593567a0eeab0191064f2bc29c5d5f
Author: Joris Vink <joris@coders.se>
Date:   Tue,  7 Sep 2021 23:05:25 +0200

On linux, keep track of seccomp tracing properly.

With the new process startup code we must handle the SIGSTOP
from the processes if seccomp_tracing is enabled. Otherwise
they just hang indefinitely and we assume they failed to start,
which is somewhat true.

Diffstat:
src/worker.c | 13+++++++++++++
1 file changed, 13 insertions(+), 0 deletions(-)

diff --git a/src/worker.c b/src/worker.c @@ -184,6 +184,9 @@ kore_worker_spawn(u_int16_t idx, u_int16_t id, u_int16_t cpu) { int cnt; struct kore_worker *kw; +#if defined(__linux__) + int status; +#endif kw = WORKER(idx); kw->id = id; @@ -227,6 +230,16 @@ kore_worker_spawn(u_int16_t idx, u_int16_t id, u_int16_t cpu) if (kw->ready == 1) break; usleep(100000); +#if defined(__linux__) + /* + * If seccomp_tracing is enabled, make sure we + * handle the SIGSTOP from the child processes. + */ + if (kore_seccomp_tracing) { + if (waitpid(kw->pid, &status, WNOHANG) > 0) + kore_seccomp_trace(kw->pid, status); + } +#endif } if (kw->ready == 0) {