Reset create_pid after waitpid to prevent signaling unrelated processes

After the synchronous waitpid(create_pid) succeeds, create_pid was
never reset to -1. If the PID was later reused by another process,
on_sig_exit() would send SIGTERM to that unrelated process.

Resolves: RHEL-178025
Jindrich Novy
2026-06-22 13:31:56 +02:00
parent f90380454e
commit b559f6c8ca
2 changed files with 39 additions and 1 deletions
+7 -1
@@ -17,11 +17,13 @@ Name: conmon
Epoch: 3
Version: 2.2.1
License: Apache-2.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: OCI container runtime monitor
URL: https://github.com/containers/%{name}
# Tarball fetched from upstream
Source0: %{url}/archive/v%{version}.tar.gz
# https://github.com/containers/conmon/pull/659
Patch0001: 0001-Reset-create_pid-after-waitpid-to-prevent-signaling-.patch
%if %{with docs}
BuildRequires: go-md2man
%endif
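Review bot: Nothing in the visible lines shows Patch0001 being applied. It is declared right after Source0, but the %prep section is outside this hunk. Please confirm that %prep uses `%autosetup -p1` or an explicit `%patch` for it, otherwise the Release bump to `2%{?dist}` ships a build without the create_pid reset. The comment above the Patch0001 line points at upstream PR 659; it would also help to say there whether the patch is a straight backport of that PR or was adapted for 2.2.1, so it is clear when it can be dropped on the next rebase.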
@@ -70,6 +72,10 @@ sed -i 's/install.bin: bin\/conmon/install.bin:/' Makefile
%endif
%changelog
* Mon Jun 22 2026 Jindrich Novy <jnovy@redhat.com> - 3:2.2.1-2
- reset create_pid after waitpid to prevent signaling unrelated processes
- Resolves: RHEL-178025
* Thu Feb 12 2026 Jindrich Novy <jnovy@redhat.com> - 3:2.2.1-1
- update to https://github.com/containers/conmon/releases/tag/v2.2.1
- enable RELRO
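Review bot: The new %changelog entry for 3:2.2.1-2 names the Jira issue but not the origin of the fix. The spec comment already links https://github.com/containers/conmon/pull/659, so consider adding a line such as `- backport of upstream PR 659` to the entry, so that someone reading only the package changelog can trace the change to upstream. The entry header itself matches the Release bump and the Epoch.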