fix: handle change behaviour in newer kernels when POLLHUP is received

bfafe5ef changed when the kernel is creating the POLLHUP event on the seccomp notify fd. It moved the call to seccomp_filter_release from release_task to do_exit, thus the event is now already triggered when the last task exits, not only once it has been waited for. Therefore, we can no longer assume that a prior waitid call must have already collected the return code when we see this event. Instead we check if we are still waiting for a result when the event is received and collect the return code if required. fixes #1
gardenlinux · Oct 15, 2024 · 655dba9 · 655dba9
1 parent 018b6de
commit 655dba9
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/seccomp_unotify.c b/seccomp_unotify.c
@@ -308,6 +308,20 @@ static int supervisor(pid_t target_pid, int seccomp_notify_fd, void *ctx, seccom
 		if (poll_seccomp_notify_fd.revents & POLLHUP)
 		{
 			debug_printf("seccomp_notify_fd POLLHUP event recieved");
+
+			if (target_pid)
+			{
+				while (waitid(P_PID, target_pid, &siginfo, WEXITED) == -1)
+				{
+					if (errno != EINTR) err(1, "waitid");
+				}
+
+				debug_printf("target %d exited with status %d", siginfo.si_pid, siginfo.si_status);
+
+				ret = siginfo.si_status;
+				target_pid = 0;
+			}
+
 			break;
 		}
 		if (!(poll_seccomp_notify_fd.revents & POLLIN)) continue;