1
// Tests for the process descriptor API for Linux.
2
#include <sys/types.h>
3
#include <sys/resource.h>
4
#include <sys/select.h>
5
#include <sys/socket.h>
6
#include <sys/stat.h>
7
#include <sys/time.h>
8
#include <sys/wait.h>
9
#include <fcntl.h>
10
#include <poll.h>
11
#include <pthread.h>
12
#include <signal.h>
13
#include <stdlib.h>
14
#include <unistd.h>
15

16
#include <iomanip>
17
#include <map>
18

19
#include "capsicum.h"
20
#include "syscalls.h"
21
#include "capsicum-test.h"
22

23
#ifndef __WALL
24
// Linux requires __WALL in order for waitpid(specific_pid,...) to
25
// see and reap any specific pid.  Define this to nothing for platforms
26
// (FreeBSD) where it doesn't exist, to reduce macroing.
27
#define __WALL 0
28
#endif
29

30
//------------------------------------------------
31
// Utilities for the tests.
32

33
static pid_t pdwait4_(int pd, int *status, int options, struct rusage *ru) {
34
#ifdef HAVE_PDWAIT4
35
  return pdwait4(pd, status, options, ru);
36
#else
37
  // Simulate pdwait4() with wait4(pdgetpid()); this won't work in capability mode.
38
  pid_t pid = -1;
39
  int rc = pdgetpid(pd, &pid);
40
  if (rc < 0) {
41
    return rc;
42
  }
43
  options |= __WALL;
44
  return wait4(pid, status, options, ru);
45
#endif
46
}
47

48
static void print_rusage(FILE *f, struct rusage *ru) {
49
  fprintf(f, "  User CPU time=%ld.%06ld\n", (long)ru->ru_utime.tv_sec, (long)ru->ru_utime.tv_usec);
50
  fprintf(f, "  System CPU time=%ld.%06ld\n", (long)ru->ru_stime.tv_sec, (long)ru->ru_stime.tv_usec);
51
  fprintf(f, "  Max RSS=%ld\n", ru->ru_maxrss);
52
}
53

54
static void print_stat(FILE *f, const struct stat *stat) {
55
  fprintf(f,
56
          "{ .st_dev=%ld, st_ino=%ld, st_mode=%04o, st_nlink=%ld, st_uid=%d, st_gid=%d,\n"
57
          "  .st_rdev=%ld, .st_size=%ld, st_blksize=%ld, .st_block=%ld,\n  "
58
#ifdef HAVE_STAT_BIRTHTIME
59
          ".st_birthtime=%ld, "
60
#endif
61
          ".st_atime=%ld, .st_mtime=%ld, .st_ctime=%ld}\n",
62
          (long)stat->st_dev, (long)stat->st_ino, stat->st_mode,
63
          (long)stat->st_nlink, stat->st_uid, stat->st_gid,
64
          (long)stat->st_rdev, (long)stat->st_size, (long)stat->st_blksize,
65
          (long)stat->st_blocks,
66
#ifdef HAVE_STAT_BIRTHTIME
67
          (long)stat->st_birthtime,
68
#endif
69
          (long)stat->st_atime, (long)stat->st_mtime, (long)stat->st_ctime);
70
}
71

72
static volatile sig_atomic_t had_signal[NSIG];
73
void clear_had_signals() {
74
  memset(const_cast<sig_atomic_t *>(had_signal), 0, sizeof(had_signal));
75
}
76
static void handle_signal(int x) {
77
  had_signal[x] = true;
78
}
79

80
// Check that the given child process terminates as expected.
81
void CheckChildFinished(pid_t pid, bool signaled=false) {
82
  // Wait for the child to finish.
83
  int rc;
84
  int status = 0;
85
  do {
86
    rc = waitpid(pid, &status, __WALL);
87
    if (rc < 0) {
88
      fprintf(stderr, "Warning: waitpid error %s (%d)\n", strerror(errno), errno);
89
      ADD_FAILURE() << "Failed to wait for child";
90
      break;
91
    } else if (rc == pid) {
92
      break;
93
    }
94
  } while (true);
95
  EXPECT_EQ(pid, rc);
96
  if (rc == pid) {
97
    if (signaled) {
98
      EXPECT_TRUE(WIFSIGNALED(status));
99
    } else {
100
      EXPECT_TRUE(WIFEXITED(status)) << std::hex << status;
101
      EXPECT_EQ(0, WEXITSTATUS(status));
102
    }
103
  }
104
}
105

106
//------------------------------------------------
107
// Basic tests of process descriptor functionality
108

109
TEST(Pdfork, Simple) {
110
  int pd = -1;
111
  int pipefds[2];
112
  pid_t parent = getpid_();
113
  EXPECT_OK(pipe(pipefds));
114
  int pid = pdfork(&pd, 0);
115
  EXPECT_OK(pid);
116
  if (pid == 0) {
117
    // Child: check pid values.
118
    EXPECT_EQ(-1, pd);
119
    EXPECT_NE(parent, getpid_());
120
    EXPECT_EQ(parent, getppid());
121
    close(pipefds[0]);
122
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
123
    if (verbose) fprintf(stderr, "Child waiting for exit message\n");
124
    // Terminate once the parent has completed the checks
125
    AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
126
    exit(testing::Test::HasFailure());
127
  }
128
  close(pipefds[1]);
129
  // Ensure the child has started.
130
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
131

132
  EXPECT_NE(-1, pd);
133
  EXPECT_PID_ALIVE(pid);
134
  int pid_got;
135
  EXPECT_OK(pdgetpid(pd, &pid_got));
136
  EXPECT_EQ(pid, pid_got);
137

138
  // Tell the child to exit and wait until it is a zombie.
139
  SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
140
  // EXPECT_PID_ZOMBIE waits for up to ~500ms, that should be enough time for
141
  // the child to exit successfully.
142
  EXPECT_PID_ZOMBIE(pid);
143
  close(pipefds[0]);
144

145
  // Wait for the the child.
146
  int status;
147
  struct rusage ru;
148
  memset(&ru, 0, sizeof(ru));
149
  int waitrc = pdwait4_(pd, &status, 0, &ru);
150
  EXPECT_EQ(pid, waitrc);
151
  if (verbose) {
152
    fprintf(stderr, "For pd %d pid %d:\n", pd, pid);
153
    print_rusage(stderr, &ru);
154
  }
155
  EXPECT_PID_GONE(pid);
156

157
  // Can only pdwait4(pd) once (as initial call reaps zombie).
158
  memset(&ru, 0, sizeof(ru));
159
  EXPECT_EQ(-1, pdwait4_(pd, &status, 0, &ru));
160
  EXPECT_EQ(ECHILD, errno);
161

162
  EXPECT_OK(close(pd));
163
}
164

165
TEST(Pdfork, InvalidFlag) {
166
  int pd = -1;
167
  int pid = pdfork(&pd, PD_DAEMON<<5);
168
  if (pid == 0) {
169
    exit(1);
170
  }
171
  EXPECT_EQ(-1, pid);
172
  EXPECT_EQ(EINVAL, errno);
173
  if (pid > 0) waitpid(pid, NULL, __WALL);
174
}
175

176
TEST(Pdfork, TimeCheck) {
177
  time_t now = time(NULL);  // seconds since epoch
178
  EXPECT_NE(-1, now);
179
  if (verbose) fprintf(stderr, "Calling pdfork around %ld\n", (long)(long)now);
180

181
  int pd = -1;
182
  pid_t pid = pdfork(&pd, 0);
183
  EXPECT_OK(pid);
184
  if (pid == 0) {
185
    // Child: check we didn't get a valid process descriptor then exit.
186
    EXPECT_EQ(-1, pdgetpid(pd, &pid));
187
    EXPECT_EQ(EBADF, errno);
188
    exit(HasFailure());
189
  }
190

191
#ifdef HAVE_PROCDESC_FSTAT
192
  // Parent process. Ensure that [acm]times have been set correctly.
193
  struct stat stat;
194
  memset(&stat, 0, sizeof(stat));
195
  EXPECT_OK(fstat(pd, &stat));
196
  if (verbose) print_stat(stderr, &stat);
197

198
#ifdef HAVE_STAT_BIRTHTIME
199
  EXPECT_GE(now, stat.st_birthtime);
200
  EXPECT_EQ(stat.st_birthtime, stat.st_atime);
201
#endif
202
  EXPECT_LT((now - stat.st_atime), 2);
203
  EXPECT_EQ(stat.st_atime, stat.st_ctime);
204
  EXPECT_EQ(stat.st_ctime, stat.st_mtime);
205
#endif
206

207
  // Wait for the child to finish.
208
  pid_t pd_pid = -1;
209
  EXPECT_OK(pdgetpid(pd, &pd_pid));
210
  EXPECT_EQ(pid, pd_pid);
211
  CheckChildFinished(pid);
212
}
213

214
TEST(Pdfork, UseDescriptor) {
215
  int pd = -1;
216
  pid_t pid = pdfork(&pd, 0);
217
  EXPECT_OK(pid);
218
  if (pid == 0) {
219
    // Child: immediately exit
220
    exit(0);
221
  }
222
  CheckChildFinished(pid);
223
}
224

225
TEST(Pdfork, NonProcessDescriptor) {
226
  int fd = open("/etc/passwd", O_RDONLY);
227
  EXPECT_OK(fd);
228
  // pd*() operations should fail on a non-process descriptor.
229
  EXPECT_EQ(-1, pdkill(fd, SIGUSR1));
230
  int status;
231
  EXPECT_EQ(-1, pdwait4_(fd, &status, 0, NULL));
232
  pid_t pid;
233
  EXPECT_EQ(-1, pdgetpid(fd, &pid));
234
  close(fd);
235
}
236

237
static void *SubThreadMain(void *arg) {
238
  // Notify the main thread that we have started
239
  if (verbose) fprintf(stderr, "      subthread started: pipe=%p\n", arg);
240
  SEND_INT_MESSAGE((int)(intptr_t)arg, MSG_CHILD_STARTED);
241
  while (true) {
242
    if (verbose) fprintf(stderr, "      subthread: \"I aten't dead\"\n");
243
    usleep(100000);
244
  }
245
  return NULL;
246
}
247

248
static void *ThreadMain(void *) {
249
  int pd;
250
  int pipefds[2];
251
  EXPECT_EQ(0, pipe(pipefds));
252
  pid_t child = pdfork(&pd, 0);
253
  if (child == 0) {
254
    close(pipefds[0]);
255
    // Child: start a subthread then loop.
256
    pthread_t child_subthread;
257
    // Wait for the subthread startup using another pipe.
258
    int thread_pipefds[2];
259
    EXPECT_EQ(0, pipe(thread_pipefds));
260
    EXPECT_OK(pthread_create(&child_subthread, NULL, SubThreadMain,
261
                             (void *)(intptr_t)thread_pipefds[0]));
262
    if (verbose) {
263
      fprintf(stderr, "    pdforked process %d: waiting for subthread.\n",
264
              getpid());
265
    }
266
    AWAIT_INT_MESSAGE(thread_pipefds[1], MSG_CHILD_STARTED);
267
    close(thread_pipefds[0]);
268
    close(thread_pipefds[1]);
269
    // Child: Notify parent that all threads have started
270
    if (verbose) fprintf(stderr, "    pdforked process %d: subthread started\n", getpid());
271
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
272
    while (true) {
273
      if (verbose) fprintf(stderr, "    pdforked process %d: \"I aten't dead\"\n", getpid());
274
      usleep(100000);
275
    }
276
    exit(0);
277
  }
278
  if (verbose) fprintf(stderr, "  thread generated pd %d\n", pd);
279
  close(pipefds[1]);
280
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
281
  if (verbose) fprintf(stderr, "[%d] got child startup message\n", getpid_());
282

283
  // Pass the process descriptor back to the main thread.
284
  return reinterpret_cast<void *>(pd);
285
}
286

287
TEST(Pdfork, FromThread) {
288
  // Fire off a new thread to do all of the creation work.
289
  pthread_t child_thread;
290
  EXPECT_OK(pthread_create(&child_thread, NULL, ThreadMain, NULL));
291
  void *data;
292
  EXPECT_OK(pthread_join(child_thread, &data));
293
  int pd = reinterpret_cast<intptr_t>(data);
294
  if (verbose) fprintf(stderr, "retrieved pd %d from terminated thread\n", pd);
295

296
  // Kill and reap.
297
  pid_t pid;
298
  EXPECT_OK(pdgetpid(pd, &pid));
299
  EXPECT_OK(pdkill(pd, SIGKILL));
300
  int status;
301
  EXPECT_EQ(pid, pdwait4_(pd, &status, 0, NULL));
302
  EXPECT_TRUE(WIFSIGNALED(status));
303
}
304

305
//------------------------------------------------
306
// More complicated tests.
307

308

309
// Test fixture that pdfork()s off a child process, which terminates
310
// when it receives anything on a pipe.
311
class PipePdforkBase : public ::testing::Test {
312
 public:
313
  PipePdforkBase(int pdfork_flags) : pd_(-1), pid_(-1) {
314
    clear_had_signals();
315
    int pipes[2];
316
    EXPECT_OK(pipe(pipes));
317
    pipe_ = pipes[1];
318
    int parent = getpid_();
319
    if (verbose) fprintf(stderr, "[%d] about to pdfork()\n", getpid_());
320
    int rc = pdfork(&pd_, pdfork_flags);
321
    EXPECT_OK(rc);
322
    if (rc == 0) {
323
      // Child process: blocking-read an int from the pipe then exit with that value.
324
      EXPECT_NE(parent, getpid_());
325
      EXPECT_EQ(parent, getppid());
326
      if (verbose) fprintf(stderr, "  [%d] child of %d waiting for value on pipe\n", getpid_(), getppid());
327
      read(pipes[0], &rc, sizeof(rc));
328
      if (verbose) fprintf(stderr, "  [%d] got value %d on pipe, exiting\n", getpid_(), rc);
329
      exit(rc);
330
    }
331
    pid_ = rc;
332
    usleep(100);  // ensure the child has a chance to run
333
  }
334
  ~PipePdforkBase() {
335
    // Terminate by any means necessary.
336
    if (pd_ > 0) {
337
      pdkill(pd_, SIGKILL);
338
      close(pd_);
339
    }
340
    if (pid_ > 0) {
341
      kill(pid_, SIGKILL);
342
      waitpid(pid_, NULL, __WALL|WNOHANG);
343
    }
344
    // Check signal expectations.
345
    EXPECT_FALSE(had_signal[SIGCHLD]);
346
  }
347
  int TerminateChild() {
348
    // Tell the child to exit.
349
    int zero = 0;
350
    if (verbose) fprintf(stderr, "[%d] write 0 to pipe\n", getpid_());
351
    return write(pipe_, &zero, sizeof(zero));
352
  }
353
 protected:
354
  int pd_;
355
  int pipe_;
356
  pid_t pid_;
357
};
358

359
class PipePdfork : public PipePdforkBase {
360
 public:
361
  PipePdfork() : PipePdforkBase(0) {}
362
};
363

364
class PipePdforkDaemon : public PipePdforkBase {
365
 public:
366
  PipePdforkDaemon() : PipePdforkBase(PD_DAEMON) {}
367
};
368

369
// Can we poll a process descriptor?
370
TEST_F(PipePdfork, Poll) {
371
  // Poll the process descriptor, nothing happening.
372
  struct pollfd fdp;
373
  fdp.fd = pd_;
374
  fdp.events = POLLIN | POLLERR | POLLHUP;
375
  fdp.revents = 0;
376
  EXPECT_EQ(0, poll(&fdp, 1, 0));
377

378
  TerminateChild();
379

380
  // Poll again, should have activity on the process descriptor.
381
  EXPECT_EQ(1, poll(&fdp, 1, 2000));
382
  EXPECT_TRUE(fdp.revents & POLLHUP);
383

384
  // Poll a third time, still have POLLHUP.
385
  fdp.revents = 0;
386
  EXPECT_EQ(1, poll(&fdp, 1, 0));
387
  EXPECT_TRUE(fdp.revents & POLLHUP);
388
}
389

390
// Can multiple processes poll on the same descriptor?
391
TEST_F(PipePdfork, PollMultiple) {
392
  int pipefds[2];
393
  EXPECT_EQ(0, pipe(pipefds));
394
  int child = fork();
395
  EXPECT_OK(child);
396
  if (child == 0) {
397
    close(pipefds[0]);
398
    // Child: wait for parent to acknowledge startup
399
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
400
    // Child: wait for two messages from the parent and the forked process
401
    // before telling the other process to terminate.
402
    if (verbose) fprintf(stderr, "[%d] waiting for read 1\n", getpid_());
403
    AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
404
    if (verbose) fprintf(stderr, "[%d] waiting for read 2\n", getpid_());
405
    AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
406
    TerminateChild();
407
    if (verbose) fprintf(stderr, "[%d] about to exit\n", getpid_());
408
    exit(testing::Test::HasFailure());
409
  }
410
  close(pipefds[1]);
411
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
412
  if (verbose) fprintf(stderr, "[%d] got child startup message\n", getpid_());
413
  // Fork again
414
  int doppel = fork();
415
  EXPECT_OK(doppel);
416
  // We now have:
417
  //   pid A: main process, here
418
  //   |--pid B: pdfork()ed process, blocked on read()
419
  //   |--pid C: fork()ed process, in read() above
420
  //   +--pid D: doppel process, here
421

422
  // Both A and D execute the following code.
423
  // First, check no activity on the process descriptor yet.
424
  struct pollfd fdp;
425
  fdp.fd = pd_;
426
  fdp.events = POLLIN | POLLERR | POLLHUP;
427
  fdp.revents = 0;
428
  EXPECT_EQ(0, poll(&fdp, 1, 0));
429

430
  // Both A and D ask C to exit, allowing it to do so.
431
  if (verbose) fprintf(stderr, "[%d] telling child to exit\n", getpid_());
432
  SEND_INT_MESSAGE(pipefds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
433
  close(pipefds[0]);
434

435
  // Now, wait (indefinitely) for activity on the process descriptor.
436
  // We expect:
437
  //  - pid C will finish its two read() calls, write to the pipe and exit.
438
  //  - pid B will unblock from read(), and exit
439
  //  - this will generate an event on the process descriptor...
440
  //  - ...in both process A and process D.
441
  if (verbose) fprintf(stderr, "[%d] waiting for child to exit\n", getpid_());
442
  EXPECT_EQ(1, poll(&fdp, 1, 2000));
443
  EXPECT_TRUE(fdp.revents & POLLHUP);
444

445
  if (doppel == 0) {
446
    // Child: process D exits.
447
    exit(0);
448
  } else {
449
    // Parent: wait on process D.
450
    int rc = 0;
451
    waitpid(doppel, &rc, __WALL);
452
    EXPECT_TRUE(WIFEXITED(rc));
453
    EXPECT_EQ(0, WEXITSTATUS(rc));
454
    // Also wait on process B.
455
    CheckChildFinished(child);
456
  }
457
}
458

459
// Check that exit status/rusage for a dead pdfork()ed child can be retrieved
460
// via any process descriptor, multiple times.
461
TEST_F(PipePdfork, MultipleRetrieveExitStatus) {
462
  EXPECT_PID_ALIVE(pid_);
463
  int pd_copy = dup(pd_);
464
  EXPECT_LT(0, TerminateChild());
465

466
  int status;
467
  struct rusage ru;
468
  memset(&ru, 0, sizeof(ru));
469
  int waitrc = pdwait4_(pd_copy, &status, 0, &ru);
470
  EXPECT_EQ(pid_, waitrc);
471
  if (verbose) {
472
    fprintf(stderr, "For pd %d -> pid %d:\n", pd_, pid_);
473
    print_rusage(stderr, &ru);
474
  }
475
  EXPECT_PID_GONE(pid_);
476

477
#ifdef NOTYET
478
  // Child has been reaped, so original process descriptor dangles but
479
  // still has access to rusage information.
480
  memset(&ru, 0, sizeof(ru));
481
  EXPECT_EQ(0, pdwait4_(pd_, &status, 0, &ru));
482
#endif
483
  close(pd_copy);
484
}
485

486
TEST_F(PipePdfork, ChildExit) {
487
  EXPECT_PID_ALIVE(pid_);
488
  EXPECT_LT(0, TerminateChild());
489
  EXPECT_PID_DEAD(pid_);
490

491
  int status;
492
  int rc = pdwait4_(pd_, &status, 0, NULL);
493
  EXPECT_OK(rc);
494
  EXPECT_EQ(pid_, rc);
495
  pid_ = 0;
496
}
497

498
#ifdef HAVE_PROC_FDINFO
499
TEST_F(PipePdfork, FdInfo) {
500
  char buffer[1024];
501
  sprintf(buffer, "/proc/%d/fdinfo/%d", getpid_(), pd_);
502
  int procfd = open(buffer, O_RDONLY);
503
  EXPECT_OK(procfd);
504

505
  EXPECT_OK(read(procfd, buffer, sizeof(buffer)));
506
  // The fdinfo should include the file pos of the underlying file
507
  EXPECT_NE((char*)NULL, strstr(buffer, "pos:\t0")) << buffer;
508
  // ...and the underlying pid
509
  char pidline[256];
510
  sprintf(pidline, "pid:\t%d", pid_);
511
  EXPECT_NE((char*)NULL, strstr(buffer, pidline)) << buffer;
512
  close(procfd);
513
}
514
#endif
515

516
// Closing a normal process descriptor terminates the underlying process.
517
TEST_F(PipePdfork, Close) {
518
  sighandler_t original = signal(SIGCHLD, handle_signal);
519
  EXPECT_PID_ALIVE(pid_);
520
  int status;
521
  EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
522

523
  EXPECT_OK(close(pd_));
524
  pd_ = -1;
525
  EXPECT_FALSE(had_signal[SIGCHLD]);
526
  EXPECT_PID_DEAD(pid_);
527

528
#ifdef __FreeBSD__
529
  EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
530
  EXPECT_EQ(errno, ECHILD);
531
#else
532
  // Having closed the process descriptor means that pdwait4(pd) now doesn't work.
533
  int rc = pdwait4_(pd_, &status, 0, NULL);
534
  EXPECT_EQ(-1, rc);
535
  EXPECT_EQ(EBADF, errno);
536

537
  // Closing all process descriptors means the the child can only be reaped via pid.
538
  EXPECT_EQ(pid_, waitpid(pid_, &status, __WALL|WNOHANG));
539
#endif
540
  signal(SIGCHLD, original);
541
}
542

543
TEST_F(PipePdfork, CloseLast) {
544
  sighandler_t original = signal(SIGCHLD, handle_signal);
545
  // Child should only die when last process descriptor is closed.
546
  EXPECT_PID_ALIVE(pid_);
547
  int pd_other = dup(pd_);
548

549
  EXPECT_OK(close(pd_));
550
  pd_ = -1;
551

552
  EXPECT_PID_ALIVE(pid_);
553
  int status;
554
  EXPECT_EQ(0, waitpid(pid_, &status, __WALL|WNOHANG));
555

556
  // Can no longer pdwait4() the closed process descriptor...
557
  EXPECT_EQ(-1, pdwait4_(pd_, &status, WNOHANG, NULL));
558
  EXPECT_EQ(EBADF, errno);
559
  // ...but can pdwait4() the still-open process descriptor.
560
  errno = 0;
561
  EXPECT_EQ(0, pdwait4_(pd_other, &status, WNOHANG, NULL));
562
  EXPECT_EQ(0, errno);
563

564
  EXPECT_OK(close(pd_other));
565
  EXPECT_PID_DEAD(pid_);
566

567
  EXPECT_FALSE(had_signal[SIGCHLD]);
568
  signal(SIGCHLD, original);
569
}
570

571
FORK_TEST(Pdfork, OtherUserIfRoot) {
572
  GTEST_SKIP_IF_NOT_ROOT();
573
  int pd;
574
  int status;
575
  pid_t pid = pdfork(&pd, 0);
576
  EXPECT_OK(pid);
577
  if (pid == 0) {
578
    // Child process: loop forever.
579
    while (true) usleep(100000);
580
  }
581
  usleep(100);
582

583
  // Now that the second process has been pdfork()ed, change euid.
584
  ASSERT_NE(0u, other_uid) << "other_uid not initialized correctly, "
585
                              "please pass the -u <uid> flag.";
586
  EXPECT_EQ(0, setuid(other_uid));
587
  EXPECT_EQ(other_uid, getuid());
588
  if (verbose) fprintf(stderr, "uid=%d euid=%d\n", getuid(), geteuid());
589

590
  // Fail to kill child with normal PID operation.
591
  EXPECT_EQ(-1, kill(pid, SIGKILL));
592
  EXPECT_EQ(EPERM, errno);
593
  EXPECT_PID_ALIVE(pid);
594

595
  // Ideally, we should be able to send signals via a process descriptor even
596
  // if it's owned by another user, but this is not implementated on FreeBSD.
597
#ifdef __FreeBSD__
598
  // On FreeBSD, pdkill() still performs all the same checks that kill() does
599
  // and therefore cannot be used to send a signal to a process with another
600
  // UID unless we are root.
601
  EXPECT_SYSCALL_FAIL(EBADF, pdkill(pid, SIGKILL));
602
  EXPECT_PID_ALIVE(pid);
603
  // However, the process will be killed when we close the process descriptor.
604
  EXPECT_OK(close(pd));
605
  EXPECT_PID_GONE(pid);
606
  // Can't pdwait4() after close() since close() reparents the child to a reaper (init)
607
  EXPECT_SYSCALL_FAIL(EBADF, pdwait4_(pd, &status, WNOHANG, NULL));
608
#else
609
  // Sending a signal with pdkill() should be permitted though.
610
  EXPECT_OK(pdkill(pd, SIGKILL));
611
  EXPECT_PID_ZOMBIE(pid);
612

613
  int rc = pdwait4_(pd, &status, WNOHANG, NULL);
614
  EXPECT_OK(rc);
615
  EXPECT_EQ(pid, rc);
616
  EXPECT_TRUE(WIFSIGNALED(status));
617
#endif
618
}
619

620
TEST_F(PipePdfork, WaitPidThenPd) {
621
  TerminateChild();
622
  int status;
623
  // If we waitpid(pid) first...
624
  int rc = waitpid(pid_, &status, __WALL);
625
  EXPECT_OK(rc);
626
  EXPECT_EQ(pid_, rc);
627

628
#ifdef NOTYET
629
  // ...the zombie is reaped but we can still subsequently pdwait4(pd).
630
  EXPECT_EQ(0, pdwait4_(pd_, &status, 0, NULL));
631
#endif
632
}
633

634
TEST_F(PipePdfork, WaitPdThenPid) {
635
  TerminateChild();
636
  int status;
637
  // If we pdwait4(pd) first...
638
  int rc = pdwait4_(pd_, &status, 0, NULL);
639
  EXPECT_OK(rc);
640
  EXPECT_EQ(pid_, rc);
641

642
  // ...the zombie is reaped and cannot subsequently waitpid(pid).
643
  EXPECT_EQ(-1, waitpid(pid_, &status, __WALL));
644
  EXPECT_EQ(ECHILD, errno);
645
}
646

647
// Setting PD_DAEMON prevents close() from killing the child.
648
TEST_F(PipePdforkDaemon, Close) {
649
  EXPECT_OK(close(pd_));
650
  pd_ = -1;
651
  EXPECT_PID_ALIVE(pid_);
652

653
  // Can still explicitly kill it via the pid.
654
  if (pid_ > 0) {
655
    EXPECT_OK(kill(pid_, SIGKILL));
656
    EXPECT_PID_DEAD(pid_);
657
  }
658
}
659

660
static void TestPdkill(pid_t pid, int pd) {
661
  EXPECT_PID_ALIVE(pid);
662
  // SIGCONT is ignored by default.
663
  EXPECT_OK(pdkill(pd, SIGCONT));
664
  EXPECT_PID_ALIVE(pid);
665

666
  // SIGINT isn't
667
  EXPECT_OK(pdkill(pd, SIGINT));
668
  EXPECT_PID_DEAD(pid);
669

670
  // pdkill() on zombie is no-op.
671
  errno = 0;
672
  EXPECT_EQ(0, pdkill(pd, SIGINT));
673
  EXPECT_EQ(0, errno);
674

675
  // pdkill() on reaped process gives -ESRCH.
676
  CheckChildFinished(pid, true);
677
  EXPECT_EQ(-1, pdkill(pd, SIGINT));
678
  EXPECT_EQ(ESRCH, errno);
679
}
680

681
TEST_F(PipePdfork, Pdkill) {
682
  TestPdkill(pid_, pd_);
683
}
684

685
TEST_F(PipePdforkDaemon, Pdkill) {
686
  TestPdkill(pid_, pd_);
687
}
688

689
TEST(Pdfork, PdkillOtherSignal) {
690
  int pd = -1;
691
  int pipefds[2];
692
  EXPECT_EQ(0, pipe(pipefds));
693
  int pid = pdfork(&pd, 0);
694
  EXPECT_OK(pid);
695
  if (pid == 0) {
696
    // Child: tell the parent that we have started before entering the loop,
697
    // and importantly only do so once we have registered the SIGUSR1 handler.
698
    close(pipefds[0]);
699
    clear_had_signals();
700
    signal(SIGUSR1, handle_signal);
701
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
702
    // Child: watch for SIGUSR1 forever.
703
    while (!had_signal[SIGUSR1]) {
704
      usleep(100000);
705
    }
706
    exit(123);
707
  }
708
  // Wait for child to start
709
  close(pipefds[1]);
710
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
711
  close(pipefds[0]);
712

713
  // Send an invalid signal.
714
  EXPECT_EQ(-1, pdkill(pd, 0xFFFF));
715
  EXPECT_EQ(EINVAL, errno);
716

717
  // Send an expected SIGUSR1 to the pdfork()ed child.
718
  EXPECT_PID_ALIVE(pid);
719
  pdkill(pd, SIGUSR1);
720
  EXPECT_PID_DEAD(pid);
721

722
  // Child's exit status confirms whether it received the signal.
723
  int status;
724
  int rc = waitpid(pid, &status, __WALL);
725
  EXPECT_OK(rc);
726
  EXPECT_EQ(pid, rc);
727
  EXPECT_TRUE(WIFEXITED(status)) << "status: 0x" << std::hex << status;
728
  EXPECT_EQ(123, WEXITSTATUS(status));
729
}
730

731
pid_t PdforkParentDeath(int pdfork_flags) {
732
  // Set up:
733
  //   pid A: main process, here
734
  //   +--pid B: fork()ed process, starts a child process with pdfork() then
735
  //             waits for parent to send a shutdown message.
736
  //      +--pid C: pdfork()ed process, looping forever
737
  int sock_fds[2];
738
  EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
739
  if (verbose) fprintf(stderr, "[%d] parent about to fork()...\n", getpid_());
740
  pid_t child = fork();
741
  EXPECT_OK(child);
742
  if (child == 0) {
743
    int pd;
744
    if (verbose) fprintf(stderr, "  [%d] child about to pdfork()...\n", getpid_());
745
    int pipefds[2]; // for startup notification
746
    EXPECT_OK(pipe(pipefds));
747
    pid_t grandchild = pdfork(&pd, pdfork_flags);
748
    if (grandchild == 0) {
749
      close(pipefds[0]);
750
      pid_t grandchildPid = getpid_();
751
      EXPECT_EQ(sizeof(grandchildPid), (size_t)write(pipefds[1], &grandchildPid, sizeof(grandchildPid)));
752
      while (true) {
753
        if (verbose) fprintf(stderr, "    [%d] grandchild: \"I aten't dead\"\n", grandchildPid);
754
        sleep(1);
755
      }
756
    }
757
    close(pipefds[1]);
758
    if (verbose) fprintf(stderr, "  [%d] pdfork()ed grandchild %d, sending ID to parent\n", getpid_(), grandchild);
759
    // Wait for grandchild to start.
760
    pid_t grandchild2;
761
    EXPECT_EQ(sizeof(grandchild2), (size_t)read(pipefds[0], &grandchild2, sizeof(grandchild2)));
762
    EXPECT_EQ(grandchild, grandchild2) << "received invalid grandchild pid";
763
    if (verbose) fprintf(stderr, "  [%d] grandchild %d has started successfully\n", getpid_(), grandchild);
764
    close(pipefds[0]);
765

766
    // Send grandchild pid to parent.
767
    EXPECT_EQ(sizeof(grandchild), (size_t)write(sock_fds[1], &grandchild, sizeof(grandchild)));
768
    if (verbose) fprintf(stderr, "  [%d] sent grandchild pid %d to parent\n", getpid_(), grandchild);
769
    // Wait for parent to acknowledge the message.
770
    AWAIT_INT_MESSAGE(sock_fds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
771
    if (verbose) fprintf(stderr, "  [%d] parent acknowledged grandchild pid %d\n", getpid_(), grandchild);
772
    if (verbose) fprintf(stderr, "  [%d] child terminating\n", getpid_());
773
    exit(testing::Test::HasFailure());
774
  }
775
  if (verbose) fprintf(stderr, "[%d] fork()ed child is %d\n", getpid_(), child);
776
  pid_t grandchild;
777
  read(sock_fds[0], &grandchild, sizeof(grandchild));
778
  if (verbose) fprintf(stderr, "[%d] received grandchild id %d\n", getpid_(), grandchild);
779
  EXPECT_PID_ALIVE(child);
780
  EXPECT_PID_ALIVE(grandchild);
781
  // Tell child to exit.
782
  if (verbose) fprintf(stderr, "[%d] telling child %d to exit\n", getpid_(), child);
783
  SEND_INT_MESSAGE(sock_fds[0], MSG_PARENT_REQUEST_CHILD_EXIT);
784
  // Child dies, closing its process descriptor for the grandchild.
785
  EXPECT_PID_DEAD(child);
786
  CheckChildFinished(child);
787
  return grandchild;
788
}
789

790
TEST(Pdfork, Bagpuss) {
791
  // "And of course when Bagpuss goes to sleep, all his friends go to sleep too"
792
  pid_t grandchild = PdforkParentDeath(0);
793
  // By default: child death => closed process descriptor => grandchild death.
794
  EXPECT_PID_DEAD(grandchild);
795
}
796

797
TEST(Pdfork, BagpussDaemon) {
798
  pid_t grandchild = PdforkParentDeath(PD_DAEMON);
799
  // With PD_DAEMON: child death => closed process descriptor => no effect on grandchild.
800
  EXPECT_PID_ALIVE(grandchild);
801
  if (grandchild > 0) {
802
    EXPECT_OK(kill(grandchild, SIGKILL));
803
  }
804
}
805

806
// The exit of a pdfork()ed process should not generate SIGCHLD.
807
TEST_F(PipePdfork, NoSigchld) {
808
  clear_had_signals();
809
  sighandler_t original = signal(SIGCHLD, handle_signal);
810
  TerminateChild();
811
  int rc = 0;
812
  // Can waitpid() for the specific pid of the pdfork()ed child.
813
  EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
814
  EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
815
  EXPECT_FALSE(had_signal[SIGCHLD]);
816
  signal(SIGCHLD, original);
817
}
818

819
// The exit of a pdfork()ed process whose process descriptors have
820
// all been closed should generate SIGCHLD.  The child process needs
821
// PD_DAEMON to survive the closure of the process descriptors.
822
TEST_F(PipePdforkDaemon, NoPDSigchld) {
823
  clear_had_signals();
824
  sighandler_t original = signal(SIGCHLD, handle_signal);
825

826
  EXPECT_OK(close(pd_));
827
  TerminateChild();
828
#ifdef __FreeBSD__
829
  EXPECT_EQ(-1, waitpid(pid_, NULL, __WALL));
830
  EXPECT_EQ(errno, ECHILD);
831
#else
832
  int rc = 0;
833
  // Can waitpid() for the specific pid of the pdfork()ed child.
834
  EXPECT_EQ(pid_, waitpid(pid_, &rc, __WALL));
835
  EXPECT_TRUE(WIFEXITED(rc)) << "0x" << std::hex << rc;
836
#endif
837
  EXPECT_FALSE(had_signal[SIGCHLD]);
838
  signal(SIGCHLD, original);
839
}
840

841
#ifdef HAVE_PROCDESC_FSTAT
842
TEST_F(PipePdfork, ModeBits) {
843
  // Owner rwx bits indicate liveness of child
844
  struct stat stat;
845
  memset(&stat, 0, sizeof(stat));
846
  EXPECT_OK(fstat(pd_, &stat));
847
  if (verbose) print_stat(stderr, &stat);
848
  EXPECT_EQ(S_IRWXU, (long)(stat.st_mode & S_IRWXU));
849

850
  TerminateChild();
851
  usleep(100000);
852

853
  memset(&stat, 0, sizeof(stat));
854
  EXPECT_OK(fstat(pd_, &stat));
855
  if (verbose) print_stat(stderr, &stat);
856
  EXPECT_EQ(0, (int)(stat.st_mode & S_IRWXU));
857
}
858
#endif
859

860
TEST_F(PipePdfork, WildcardWait) {
861
  TerminateChild();
862
  EXPECT_PID_ZOMBIE(pid_);  // Ensure child is truly dead.
863

864
  // Wildcard waitpid(-1) should not see the pdfork()ed child because
865
  // there is still a process descriptor for it.
866
  int rc;
867
  EXPECT_EQ(-1, waitpid(-1, &rc, WNOHANG));
868
  EXPECT_EQ(ECHILD, errno);
869

870
  EXPECT_OK(close(pd_));
871
  pd_ = -1;
872
}
873

874
FORK_TEST(Pdfork, Pdkill) {
875
  clear_had_signals();
876
  int pd;
877
  int pipefds[2];
878
  EXPECT_OK(pipe(pipefds));
879
  pid_t pid = pdfork(&pd, 0);
880
  EXPECT_OK(pid);
881

882
  if (pid == 0) {
883
    // Child: set a SIGINT handler, notify the parent and sleep.
884
    close(pipefds[0]);
885
    clear_had_signals();
886
    signal(SIGINT, handle_signal);
887
    if (verbose) fprintf(stderr, "[%d] child started\n", getpid_());
888
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
889
    if (verbose) fprintf(stderr, "[%d] child about to sleep(10)\n", getpid_());
890
    // Note: we could receive the SIGINT just before sleep(), so we use a loop
891
    // with a short delay instead of one long sleep().
892
    for (int i = 0; i < 50 && !had_signal[SIGINT]; i++) {
893
      usleep(100000);
894
    }
895
    if (verbose) fprintf(stderr, "[%d] child slept, had[SIGINT]=%d\n",
896
                         getpid_(), (int)had_signal[SIGINT]);
897
    // Return non-zero if we didn't see SIGINT.
898
    exit(had_signal[SIGINT] ? 0 : 99);
899
  }
900

901
  // Parent: get child's PID.
902
  pid_t pd_pid;
903
  EXPECT_OK(pdgetpid(pd, &pd_pid));
904
  EXPECT_EQ(pid, pd_pid);
905

906
  // Interrupt the child once it's registered the SIGINT handler.
907
  close(pipefds[1]);
908
  if (verbose) fprintf(stderr, "[%d] waiting for child\n", getpid_());
909
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
910
  EXPECT_OK(pdkill(pd, SIGINT));
911
  if (verbose) fprintf(stderr, "[%d] sent SIGINT\n", getpid_());
912

913
  // Make sure the child finished properly (caught signal then exited).
914
  CheckChildFinished(pid);
915
}
916

917
FORK_TEST(Pdfork, PdkillSignal) {
918
  int pd;
919
  int pipefds[2];
920
  EXPECT_OK(pipe(pipefds));
921
  pid_t pid = pdfork(&pd, 0);
922
  EXPECT_OK(pid);
923

924
  if (pid == 0) {
925
    close(pipefds[0]);
926
    if (verbose) fprintf(stderr, "[%d] child started\n", getpid_());
927
    SEND_INT_MESSAGE(pipefds[1], MSG_CHILD_STARTED);
928
    // Child: wait for shutdown message. No SIGINT handler. The message should
929
    // never be received, since SIGINT should terminate the process.
930
    if (verbose) fprintf(stderr, "[%d] child about to read()\n", getpid_());
931
    AWAIT_INT_MESSAGE(pipefds[1], MSG_PARENT_REQUEST_CHILD_EXIT);
932
    fprintf(stderr, "[%d] child read() returned unexpectedly\n", getpid_());
933
    exit(99);
934
  }
935
  // Wait for child to start before signalling.
936
  if (verbose) fprintf(stderr, "[%d] waiting for child\n", getpid_());
937
  close(pipefds[1]);
938
  AWAIT_INT_MESSAGE(pipefds[0], MSG_CHILD_STARTED);
939
  // Kill the child (as it doesn't handle SIGINT).
940
  if (verbose) fprintf(stderr, "[%d] sending SIGINT\n", getpid_());
941
  EXPECT_OK(pdkill(pd, SIGINT));
942

943
  // Make sure the child finished properly (terminated by signal).
944
  CheckChildFinished(pid, true);
945
}
946

947
//------------------------------------------------
948
// Test interactions with other parts of Capsicum:
949
//  - capability mode
950
//  - capabilities
951

952
FORK_TEST(Pdfork, DaemonUnrestricted) {
953
  EXPECT_OK(cap_enter());
954
  int fd;
955

956
  // Capability mode leaves pdfork() available, with and without flag.
957
  int rc;
958
  rc = pdfork(&fd, PD_DAEMON);
959
  EXPECT_OK(rc);
960
  if (rc == 0) {
961
    // Child: immediately terminate.
962
    exit(0);
963
  }
964

965
  rc = pdfork(&fd, 0);
966
  EXPECT_OK(rc);
967
  if (rc == 0) {
968
    // Child: immediately terminate.
969
    exit(0);
970
  }
971
}
972

973
TEST(Pdfork, MissingRights) {
974
  pid_t parent = getpid_();
975
  int pd = -1;
976
  pid_t pid = pdfork(&pd, 0);
977
  EXPECT_OK(pid);
978
  if (pid == 0) {
979
    // Child: loop forever.
980
    EXPECT_NE(parent, getpid_());
981
    while (true) sleep(1);
982
  }
983
  // Create two capabilities from the process descriptor.
984
  cap_rights_t r_ro;
985
  cap_rights_init(&r_ro, CAP_READ, CAP_LOOKUP);
986
  int cap_incapable = dup(pd);
987
  EXPECT_OK(cap_incapable);
988
  EXPECT_OK(cap_rights_limit(cap_incapable, &r_ro));
989
  cap_rights_t r_pdall;
990
  cap_rights_init(&r_pdall, CAP_PDGETPID, CAP_PDWAIT, CAP_PDKILL);
991
  int cap_capable = dup(pd);
992
  EXPECT_OK(cap_capable);
993
  EXPECT_OK(cap_rights_limit(cap_capable, &r_pdall));
994

995
  pid_t other_pid;
996
  EXPECT_NOTCAPABLE(pdgetpid(cap_incapable, &other_pid));
997
  EXPECT_NOTCAPABLE(pdkill(cap_incapable, SIGINT));
998
  int status;
999
  EXPECT_NOTCAPABLE(pdwait4_(cap_incapable, &status, 0, NULL));
1000

1001
  EXPECT_OK(pdgetpid(cap_capable, &other_pid));
1002
  EXPECT_EQ(pid, other_pid);
1003
  EXPECT_OK(pdkill(cap_capable, SIGINT));
1004
  int rc = pdwait4_(pd, &status, 0, NULL);
1005
  EXPECT_OK(rc);
1006
  EXPECT_EQ(pid, rc);
1007
}
1008

1009

1010
//------------------------------------------------
1011
// Passing process descriptors between processes.
1012

1013
TEST_F(PipePdfork, PassProcessDescriptor) {
1014
  int sock_fds[2];
1015
  EXPECT_OK(socketpair(AF_UNIX, SOCK_STREAM, 0, sock_fds));
1016

1017
  struct msghdr mh;
1018
  mh.msg_name = NULL;  // No address needed
1019
  mh.msg_namelen = 0;
1020
  char buffer1[1024];
1021
  struct iovec iov[1];
1022
  iov[0].iov_base = buffer1;
1023
  iov[0].iov_len = sizeof(buffer1);
1024
  mh.msg_iov = iov;
1025
  mh.msg_iovlen = 1;
1026
  char buffer2[1024];
1027
  mh.msg_control = buffer2;
1028
  mh.msg_controllen = sizeof(buffer2);
1029
  struct cmsghdr *cmptr;
1030

1031
  if (verbose) fprintf(stderr, "[%d] about to fork()\n", getpid_());
1032
  pid_t child2 = fork();
1033
  if (child2 == 0) {
1034
    // Child: close our copy of the original process descriptor.
1035
    close(pd_);
1036
    SEND_INT_MESSAGE(sock_fds[0], MSG_CHILD_STARTED);
1037
    // Child: wait to receive process descriptor over socket
1038
    if (verbose) fprintf(stderr, "  [%d] child of %d waiting for process descriptor on socket\n", getpid_(), getppid());
1039
    int rc = recvmsg(sock_fds[0], &mh, 0);
1040
    EXPECT_OK(rc);
1041
    EXPECT_LE(CMSG_LEN(sizeof(int)), mh.msg_controllen);
1042
    cmptr = CMSG_FIRSTHDR(&mh);
1043
    int pd = *(int*)CMSG_DATA(cmptr);
1044
    EXPECT_EQ(CMSG_LEN(sizeof(int)), cmptr->cmsg_len);
1045
    cmptr = CMSG_NXTHDR(&mh, cmptr);
1046
    EXPECT_TRUE(cmptr == NULL);
1047
    if (verbose) fprintf(stderr, "  [%d] got process descriptor %d on socket\n", getpid_(), pd);
1048
    SEND_INT_MESSAGE(sock_fds[0], MSG_CHILD_FD_RECEIVED);
1049

1050
    // Child: confirm we can do pd*() operations on the process descriptor
1051
    pid_t other;
1052
    EXPECT_OK(pdgetpid(pd, &other));
1053
    if (verbose) fprintf(stderr, "  [%d] process descriptor %d is pid %d\n", getpid_(), pd, other);
1054

1055
    // Wait until the parent has closed the process descriptor.
1056
    AWAIT_INT_MESSAGE(sock_fds[0], MSG_PARENT_CLOSED_FD);
1057

1058
    if (verbose) fprintf(stderr, "  [%d] close process descriptor %d\n", getpid_(), pd);
1059
    close(pd);
1060

1061
    // Last process descriptor closed, expect death
1062
    EXPECT_PID_DEAD(other);
1063

1064
    exit(HasFailure());
1065
  }
1066
  // Wait until the child has started.
1067
  AWAIT_INT_MESSAGE(sock_fds[1], MSG_CHILD_STARTED);
1068

1069
  // Send the process descriptor over the pipe to the sub-process
1070
  mh.msg_controllen = CMSG_LEN(sizeof(int));
1071
  cmptr = CMSG_FIRSTHDR(&mh);
1072
  cmptr->cmsg_level = SOL_SOCKET;
1073
  cmptr->cmsg_type = SCM_RIGHTS;
1074
  cmptr->cmsg_len = CMSG_LEN(sizeof(int));
1075
  *(int *)CMSG_DATA(cmptr) = pd_;
1076
  buffer1[0] = 0;
1077
  iov[0].iov_len = 1;
1078
  if (verbose) fprintf(stderr, "[%d] send process descriptor %d on socket\n", getpid_(), pd_);
1079
  int rc = sendmsg(sock_fds[1], &mh, 0);
1080
  EXPECT_OK(rc);
1081
  // Wait until the child has received the process descriptor.
1082
  AWAIT_INT_MESSAGE(sock_fds[1], MSG_CHILD_FD_RECEIVED);
1083

1084
  if (verbose) fprintf(stderr, "[%d] close process descriptor %d\n", getpid_(), pd_);
1085
  close(pd_);  // Not last open process descriptor
1086
  SEND_INT_MESSAGE(sock_fds[1], MSG_PARENT_CLOSED_FD);
1087

1088
  // wait for child2
1089
  int status;
1090
  EXPECT_EQ(child2, waitpid(child2, &status, __WALL));
1091
  rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
1092
  EXPECT_EQ(0, rc);
1093

1094
  // confirm death all round
1095
  EXPECT_PID_DEAD(child2);
1096
  EXPECT_PID_DEAD(pid_);
1097
}
1098

1099