Merge pull request #943 from cgwalters/cmd-pdeathsig

Cmd pdeathsig
2026-02-05 15:45:53 +01:00 · 2024-12-10 09:49:41 -05:00
parent dcd3373a25 479cbcad65
commit f34e5dd22c
7 changed files with 30 additions and 8 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -210,6 +210,7 @@ name = "bootc-utils"
 version = "0.0.0"
 dependencies = [
 "anyhow",
+ "rustix",
 "serde",
 "serde_json",
 "similar-asserts",
@@ -1417,6 +1418,7 @@ name = "ostree-ext"
 version = "0.15.3"
 dependencies = [
 "anyhow",
+ "bootc-utils",
 "camino",
 "cap-std-ext",
 "chrono",
--- a/lib/src/install.rs
+++ b/lib/src/install.rs
@@ -840,7 +840,8 @@ async fn install_container(
 /// Run a command in the host mount namespace
 pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
    let mut c = Command::new("/proc/self/exe");
-    c.args(["exec-in-host-mount-namespace", cmd]);
+    c.lifecycle_bind()
+        .args(["exec-in-host-mount-namespace", cmd]);
    c
 }

--- a/lib/src/utils.rs
+++ b/lib/src/utils.rs
@@ -5,6 +5,7 @@ use std::process::Command;
 use std::time::Duration;

 use anyhow::{Context, Result};
+use bootc_utils::CommandRunExt;
 #[cfg(feature = "install")]
 use camino::Utf8Path;
 use cap_std_ext::cap_std::fs::Dir;
@@ -116,15 +117,12 @@ pub(crate) fn spawn_editor(tmpf: &tempfile::NamedTempFile) -> Result<()> {
    let argv0 = editor_args
        .next()
        .ok_or_else(|| anyhow::anyhow!("Invalid editor: {editor}"))?;
-    let status = Command::new(argv0)
+    Command::new(argv0)
        .args(editor_args)
        .arg(tmpf.path())
-        .status()
-        .context("Spawning editor")?;
-    if !status.success() {
-        anyhow::bail!("Invoking editor: {editor} failed: {status:?}");
-    }
-    Ok(())
+        .lifecycle_bind()
+        .run()
+        .with_context(|| format!("Invoking editor {editor} failed"))
 }

 /// Convert a combination of values (likely from CLI parsing) into a signature source
--- a/ostree-ext/Cargo.toml
+++ b/ostree-ext/Cargo.toml
@@ -19,6 +19,7 @@ ostree = { features = ["v2022_6"], version = "0.19.0" }

 # Private dependencies
 anyhow = { workspace = true }
+bootc-utils = { path = "../utils" }
 camino = { workspace = true, features = ["serde1"] }
 chrono = { workspace = true }
 olpc-cjson = "0.1.1"
--- a/ostree-ext/src/container/deploy.rs
+++ b/ostree-ext/src/container/deploy.rs
@@ -5,6 +5,7 @@ use std::os::fd::BorrowedFd;
 use std::process::Command;

 use anyhow::Result;
+use bootc_utils::CommandRunExt;
 use cap_std_ext::cmdext::CapStdExtCommandExt;
 use fn_error_context::context;
 use ocidir::cap_std::fs::Dir;
@@ -148,6 +149,7 @@ pub async fn deploy(
            let st = Command::new("/proc/self/exe")
                .args(["internals", "bootc-install-completion", ".", stateroot])
                .cwd_dir(sysroot_dir.try_clone()?)
+                .lifecycle_bind()
                .status()?;
            if !st.success() {
                anyhow::bail!("Failed to complete bootc install");
--- a/utils/Cargo.toml
+++ b/utils/Cargo.toml
@@ -8,6 +8,7 @@ repository = "https://github.com/containers/bootc"

 [dependencies]
 anyhow = { workspace = true }
+rustix = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tempfile = { workspace = true }
--- a/utils/src/command.rs
+++ b/utils/src/command.rs
@@ -2,6 +2,7 @@

 use std::{
    io::{Read, Seek},
+    os::unix::process::CommandExt,
    process::Command,
 };

@@ -15,6 +16,9 @@ pub trait CommandRunExt {
    /// Execute the child process.
    fn run(&mut self) -> Result<()>;

+    /// Ensure the child does not outlive the parent.
+    fn lifecycle_bind(&mut self) -> &mut Self;
+
    /// Execute the child process and capture its output. This uses `run` internally
    /// and will return an error if the child process exits abnormally.
    fn run_get_output(&mut self) -> Result<Box<dyn std::io::BufRead>>;
@@ -84,6 +88,19 @@ impl CommandRunExt for Command {
        self.status()?.check_status(stderr)
    }

+    #[allow(unsafe_code)]
+    fn lifecycle_bind(&mut self) -> &mut Self {
+        // SAFETY: This API is safe to call in a forked child.
+        unsafe {
+            self.pre_exec(|| {
+                rustix::process::set_parent_process_death_signal(Some(
+                    rustix::process::Signal::Term,
+                ))
+                .map_err(Into::into)
+            })
+        }
+    }
+
    /// Output a debug-level log message with this command.
    fn log_debug(&mut self) -> &mut Self {
        // We unconditionally log at trace level, so avoid double logging