log when mox root process cannot forward signals to unprivileged child

and give the mox.service permissions to send such signals.
2024-12-26 08:23:48 +03:00 · 2024-11-21 21:59:36 +01:00 · 2024-11-21 21:59:36 +01:00 · 32d4e9a14c
commit 32d4e9a14c
parent 3d4cd00430
2 changed files with 6 additions and 3 deletions
--- a/mox-/forkexec_unix.go
+++ b/mox-/forkexec_unix.go
@ -59,8 +59,11 @@ func ForkExecUnprivileged() {
 	sigc := make(chan os.Signal, 1)
 	signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
 	go func() {
 		for {
 			sig := <-sigc
-		p.Signal(sig)
+			err := p.Signal(sig)
 			pkglog.Check(err, "forwarding signal root to unprivileged process")
 		}
 	}()
 	st, err := p.Wait()
--- a/mox.service
+++ b/mox.service
@ -23,7 +23,7 @@ ReadWritePaths=/home/mox/config /home/mox/data
 ProtectKernelTunables=yes
 ProtectControlGroups=yes
 AmbientCapabilities=
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FSETID CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FSETID CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL
 NoNewPrivileges=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
 ProtectProc=invisible