diff --git a/main.c b/main.c index 30480d1..29ceb98 100644 --- a/main.c +++ b/main.c @@ -12,7 +12,8 @@ pid_t pid_child; -void drop_root(void) { +void drop_root(void) +{ uid_t uid = getuid(); // Drop root privileges if (setresuid(-1,uid,uid) == -1) @@ -31,25 +32,27 @@ void drop_root(void) { } // sanity check - if(seteuid(0) != -1) { - printf("Sanity check failed. I was able to regain root.\n"); - exit(1); - } + if (seteuid(0) != -1) + { + printf("Sanity check failed. I was able to regain root.\n"); + exit(1); + } } void forward_signal(int sig) { - if(kill(pid_child, sig) == -1) { - printf("Unable to forward signal %d to child\n", sig); - if(sig == SIGTERM) - exit(1); - } + if (kill(pid_child, sig) == -1) + { + printf("Unable to forward signal %d to child\n", sig); + if (sig == SIGTERM) + exit(1); + } } char** argdup(int argc, const char** argv) { char** newargs = malloc(sizeof(char*) * (argc+1)); - for(size_t i = 0; i < argc; i++) + for (size_t i = 0; i < argc; i++) { newargs[i] = strdup(argv[i]); } @@ -59,11 +62,12 @@ char** argdup(int argc, const char** argv) int main(int argc, const char** argv) { - if(argc == 1) { - printf("Usage: pidjail PROGRAM ARGUMENTS...\n" - "Run command within its own pid namespace. Integrated init process.\n"); - return 0; - } + if (argc == 1) + { + printf("Usage: pidjail PROGRAM ARGUMENTS...\n" + "Run command within its own pid namespace. Integrated init process.\n"); + return 0; + } // next fork shall be in a new pid namespace if (unshare(CLONE_NEWPID) != 0) @@ -90,12 +94,13 @@ int main(int argc, const char** argv) // Setup signal handler to forward SIGTERM pid_child = pid; - if(signal(SIGTERM, forward_signal) == SIG_ERR) { - printf("Unable to setup signal handler in head\n"); - } + if (signal(SIGTERM, forward_signal) == SIG_ERR) + { + printf("Unable to setup signal handler in head\n"); + } // parent waits for child then exits int status; - if(waitpid(pid, &status, 0) == -1) + if (waitpid(pid, &status, 0) == -1) { int err = errno; printf("Failed to wait (%d)\n", err); @@ -122,15 +127,16 @@ int main(int argc, const char** argv) // Setup forward for SIGTERM pid_child = first_child; - if(signal(SIGTERM, forward_signal) == SIG_ERR) { - printf("Unable to setup signal forward in init. Aborting.\n"); - return 1; - } + if (signal(SIGTERM, forward_signal) == SIG_ERR) + { + printf("Unable to setup signal forward in init. Aborting.\n"); + return 1; + } do { exited_child = wait(&child_status); err = errno; - } while(exited_child != first_child && exited_child != -1); + } while (exited_child != first_child && exited_child != -1); if (exited_child == -1) {