Make setsid() call in firewall process optional.

We previously called setsid() to ensure that the SIGINT generated by
Ctrl+C went to the main sshuttle process instead of the firewall
process. With the previous commit, we gracefully shutdown if either
the sshuttle process or firewall process receives a SIGINT. Therefore,
the setsid() call is optional. We still try calling setsid() since the
preferred shutdown process involves having the signal go to the main
sshuttle process. However, setsid() will fail if the firewall process
is started with sudo and sudo is configured with the use_pty option.
This commit is contained in:
Scott Kuhl 2022-01-07 12:14:57 -05:00
parent ae8af71886
commit 286bd3fa80

View File

@ -85,16 +85,17 @@ def setup_daemon():
signal.signal(signal.SIGTERM, firewall_exit) signal.signal(signal.SIGTERM, firewall_exit)
signal.signal(signal.SIGINT, firewall_exit) signal.signal(signal.SIGINT, firewall_exit)
# ctrl-c shouldn't be passed along to me. When the main sshuttle dies, # Calling setsid() here isn't strictly necessary. However, it forces
# I'll die automatically. # Ctrl+C to get sent to the main sshuttle process instead of to
# the firewall process---which is our preferred way to shutdown.
# Nonetheless, if the firewall process receives a SIGTERM/SIGINT
# signal, it will relay a SIGINT to the main sshuttle process
# automatically.
try: try:
os.setsid() os.setsid()
except OSError: except OSError:
raise Fatal("setsid() failed. This may occur if you are using sudo's " # setsid() fails if sudo is configured with the use_pty option.
"use_pty option. sshuttle does not currently work with " pass
"this option. An imperfect workaround: Run the sshuttle "
"command with sudo instead of running it as a regular "
"user and entering the sudo password when prompted.")
# because of limitations of the 'su' command, the *real* stdin/stdout # because of limitations of the 'su' command, the *real* stdin/stdout
# are both attached to stdout initially. Clone stdout into stdin so we # are both attached to stdout initially. Clone stdout into stdin so we