From 7112e4f6c6e8174827e25776303e078add561a4c Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 26 Jul 2015 20:41:43 -0400
Subject: [PATCH] BF: kill the entire process group upon timeout (Close #1129)

Requires also establishing a new process group for a child
process, which changes previous behavior
---
 fail2ban/server/action.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
index 60cb00e4..c58fde2c 100644
--- a/fail2ban/server/action.py
+++ b/fail2ban/server/action.py
@@ -565,7 +565,9 @@ class CommandAction(ActionBase):
 			stderr = tempfile.TemporaryFile(suffix=".stderr", prefix="fai2ban_")
 			try:
 				popen = subprocess.Popen(
-					realCmd, stdout=stdout, stderr=stderr, shell=True)
+					realCmd, stdout=stdout, stderr=stderr, shell=True,
+					preexec_fn=os.setsid  # so that killpg does not kill our process
+				)
 				stime = time.time()
 				retcode = popen.poll()
 				while time.time() - stime <= timeout and retcode is None:
@@ -574,11 +576,12 @@ class CommandAction(ActionBase):
 				if retcode is None:
 					logSys.error("%s -- timed out after %i seconds." %
 						(realCmd, timeout))
-					os.kill(popen.pid, signal.SIGTERM) # Terminate the process
+					pgid = os.getpgid(popen.pid)
+					os.killpg(pgid, signal.SIGTERM)  # Terminate the process
 					time.sleep(0.1)
 					retcode = popen.poll()
 					if retcode is None: # Still going...
-						os.kill(popen.pid, signal.SIGKILL) # Kill the process
+						os.killpg(pgid, signal.SIGKILL)  # Kill the process
 						time.sleep(0.1)
 						retcode = popen.poll()
 			except OSError, e: