summaryrefslogtreecommitdiffhomepage
path: root/pkg/seccomp/seccomp.go
diff options
context:
space:
mode:
authorMichael Pratt <mpratt@google.com>2018-09-07 10:27:19 -0700
committerShentubot <shentubot@google.com>2018-09-07 10:28:25 -0700
commit169e2efc5a2116755beca91e65802780282ab4c1 (patch)
tree65e4fa5878c9ddd683f0b65b07597b12b6201de9 /pkg/seccomp/seccomp.go
parent210c2520890ea48d551c0c9fffe890a7c60fb802 (diff)
Continue handling signals after disabling forwarding
Before destroying the Kernel, we disable signal forwarding, relinquishing control to the Go runtime. External signals that arrive after disabling forwarding but before the sandbox exits thus may use runtime.raise (i.e., tkill(2)) and violate the syscall filters. Adjust forwardSignals to handle signals received after disabling forwarding the same way they are handled before starting forwarding. i.e., by implementing the standard Go runtime behavior using tgkill(2) instead of tkill(2). This also makes the stop callback block until forwarding actually stops. This isn't required to avoid tkill(2) but is a saner interface. PiperOrigin-RevId: 211995946 Change-Id: I3585841644409260eec23435cf65681ad41f5f03
Diffstat (limited to 'pkg/seccomp/seccomp.go')
0 files changed, 0 insertions, 0 deletions