Skip to content

Instantly share code, notes, and snippets.

@mwhooker

mwhooker/kill_chroot_inside.sh

Created October 24, 2013 23:12
Show Gist options
  • Save mwhooker/7146771 to your computer and use it in GitHub Desktop.
Save mwhooker/7146771 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
kill_chroot_inside.sh
#!/bin/bash
ROOT_STAT=`stat -c %d:%i /proc/1/root/`
VERBOSE="verbose"
set -e
fatal()
{
echo "error: $1" 1>&2
exit 1
}
info()
{
if [ "$VERBOSE" = "verbose" ]; then
echo "$1"
fi
return 0
}
# Wrapper around kill command. Turns errors into
# warnings when running in verbose mode, otherwise
# it ignores them.
# args: parameters for kill
kill_proc()
{
if ! kill "$@" 2>/dev/null; then
info "kill $@ failed: process already terminated?"
fi
}
if [ "$(stat -c %d:%i /)" == "$ROOT_STAT" ]; then
echo "not chroot. returning" >&2
exit
fi
kill_wait()
{
pid=$1
kill_proc -TERM "$pid"
count=0
max=5
while [ -d /proc/"$pid" ]; do
count=$(( $count + 1 ))
info " Waiting for pid $pid to shut down... ($count/$max)"
sleep 1
# Wait for $max seconds for process to die before -9'ing it
if [ "$count" -eq "$max" ]; then
info " Sending SIGKILL to pid $pid"
kill_proc -KILL "$pid"
sleep 1
break
fi
done
}
initctl list | awk '/start\/running/ {print $1}' | xargs -n1 -r initctl stop
for proc in /proc/*/root/; do
PARENT=`dirname $proc`
if [ ! -h "$PARENT" -a -d "$PARENT" ]; then
TARGET=`stat -c %d:%i $proc`
if [ "$TARGET" != "$ROOT_STAT" ]; then
pid=`echo $proc | cut -d/ -f3`
if [ "$$" -eq "$pid" ]; then
info "skipping self"
continue
fi
info "Killing left-over pid $pid"
info " Sending SIGTERM to pid $pid"
kill_wait "$pid"
fi
fi
done
Raw
kill_chroot_outside.sh
#!/bin/sh
# Copyright © 2007 Kees Cook <kees@outflux.net>
# Copyright © 2007-2013 Roger Leigh <rleigh@debian.org>
#
# schroot is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# schroot is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
#####################################################################
set -e
CHROOT_PATH="$1"
fatal()
{
echo "error: $1" 1>&2
exit 1
}
info()
{
if [ "$VERBOSE" = "verbose" ]; then
echo "$1"
fi
return 0
}
# Wrapper around kill command. Turns errors into
# warnings when running in verbose mode, otherwise
# it ignores them.
# args: parameters for kill
kill_proc()
{
if ! kill "$@" 2>/dev/null; then
info "kill $@ failed: process already terminated?"
fi
}
# Kill all processes that were run from within the chroot environment
# $1: mount base location
do_kill_all()
{
if [ -z "$1" ]; then
fatal "No path for finding stray processes: not reaping processes in chroot"
fi
info "Killing processes run inside $1"
ls /proc | egrep '^[[:digit:]]+$' |
while read pid; do
# Check if process root are the same device/inode as chroot
# root (for efficiency)
if [ /proc/"$pid"/root -ef "$1" ]; then
# Check if process and chroot root are the same (may be
# different even if device/inode match).
root=$(readlink /proc/"$pid"/root || true)
if [ "$root" = "$1" ]; then
exe=$(readlink /proc/"$pid"/exe || true)
info "Killing left-over pid $pid (${exe##$1})"
info " Sending SIGTERM to pid $pid"
kill_proc -TERM "$pid"
count=0
max=5
while [ -d /proc/"$pid" ]; do
count=$(( $count + 1 ))
info " Waiting for pid $pid to shut down... ($count/$max)"
sleep 1
# Wait for $max seconds for process to die before -9'ing it
if [ "$count" -eq "$max" ]; then
info " Sending SIGKILL to pid $pid"
kill_proc -KILL "$pid"
sleep 1
break
fi
done
fi
fi
done
}
do_kill_all "$CHROOT_PATH"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment