From af207a0d5c05aa9d64812f8fac5961efe3fa9f48 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Fri, 6 Dec 2024 16:18:19 -0500
Subject: [PATCH 1/2] utils: Add a lifecycle_bind helper for Command

In almost all children we fork, we want the child to reliably exit if we do (e.g. especially if we panic). The Linux PR_SET_PDEATHSIG is just great for this.

Signed-off-by: Colin Walters
---
 Cargo.lock | 2 ++
 lib/src/install.rs | 3 ++-
 lib/src/utils.rs | 2 ++
 ostree-ext/Cargo.toml | 1 +
 ostree-ext/src/container/deploy.rs | 2 ++
 utils/Cargo.toml | 1 +
 utils/src/command.rs | 17 +++++++++++++++++
 7 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index 9af198b62..54a998ab4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -210,6 +210,7 @@ name = "bootc-utils"
 version = "0.0.0"
 dependencies = [
 "anyhow",
+ "rustix",
 "serde",
 "serde_json",
 "similar-asserts",
@@ -1417,6 +1418,7 @@ name = "ostree-ext"
 version = "0.15.3"
 dependencies = [
 "anyhow",
+ "bootc-utils",
 "camino",
 "cap-std-ext",
 "chrono",
diff --git a/lib/src/install.rs b/lib/src/install.rs
index 368794ef0..8587be138 100644
--- a/lib/src/install.rs
+++ b/lib/src/install.rs
@@ -840,7 +840,8 @@ async fn install_container(
 /// Run a command in the host mount namespace
 pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
 let mut c = Command::new("/proc/self/exe");
- c.args(["exec-in-host-mount-namespace", cmd]);
+ c.lifecycle_bind() .args(["exec-in-host-mount-namespace", cmd]);
 c
 }
diff --git a/lib/src/utils.rs b/lib/src/utils.rs
index 5d0a27c76..e8a3481d2 100644
--- a/lib/src/utils.rs
+++ b/lib/src/utils.rs
@@ -5,6 +5,7 @@ use std::process::Command;
 use std::time::Duration;
 use anyhow::{Context, Result};
+use bootc_utils::CommandRunExt;
 #[cfg(feature = "install")]
 use camino::Utf8Path;
 use cap_std_ext::cap_std::fs::Dir;
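Review bot: PR_SET_PDEATHSIG is inherited across execve but cleared by fork, so the binding added to the `/proc/self/exe` child in `run_in_host_mountns` protects `cmd` only if the `exec-in-host-mount-namespace` path ends in an exec of `cmd` within that same process. If that helper (not in this diff) enters the namespace and then spawns `cmd` as a further child, the grandchild is unbound and can outlive a panicked bootc, which is precisely the case the commit sets out to cover. Worth confirming the helper execs rather than spawns, or calling `lifecycle_bind()` on the inner command as well. `run_in_host_mountns` is complete within the hunk.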
@@ -119,6 +120,7 @@ pub(crate) fn spawn_editor(tmpf: &tempfile::NamedTempFile) -> Result<()> {
 let status = Command::new(argv0)
 .args(editor_args)
 .arg(tmpf.path())
+ .lifecycle_bind()
 .status()
 .context("Spawning editor")?;
 if !status.success() {
diff --git a/ostree-ext/Cargo.toml b/ostree-ext/Cargo.toml
index 51ff650cb..f330b1de7 100644
--- a/ostree-ext/Cargo.toml
+++ b/ostree-ext/Cargo.toml
@@ -19,6 +19,7 @@ ostree = { features = ["v2022_6"], version = "0.19.0" }
 # Private dependencies
 anyhow = { workspace = true }
+bootc-utils = { path = "../utils" }
 camino = { workspace = true, features = ["serde1"] }
 chrono = { workspace = true }
 olpc-cjson = "0.1.1"
diff --git a/ostree-ext/src/container/deploy.rs b/ostree-ext/src/container/deploy.rs
index 09627cedf..dd5a4cad7 100644
--- a/ostree-ext/src/container/deploy.rs
+++ b/ostree-ext/src/container/deploy.rs
@@ -5,6 +5,7 @@ use std::os::fd::BorrowedFd;
 use std::process::Command;
 use anyhow::Result;
+use bootc_utils::CommandRunExt;
 use cap_std_ext::cmdext::CapStdExtCommandExt;
 use fn_error_context::context;
 use ocidir::cap_std::fs::Dir;
@@ -148,6 +149,7 @@ pub async fn deploy(
 let st = Command::new("/proc/self/exe")
 .args(["internals", "bootc-install-completion", ".", stateroot])
 .cwd_dir(sysroot_dir.try_clone()?)
+ .lifecycle_bind()
 .status()?;
 if !st.success() {
 anyhow::bail!("Failed to complete bootc install");
diff --git a/utils/Cargo.toml b/utils/Cargo.toml
index 9d002e78f..6aeda593d 100644
--- a/utils/Cargo.toml
+++ b/utils/Cargo.toml
@@ -8,6 +8,7 @@ repository = "https://github.com/containers/bootc"
 [dependencies]
 anyhow = { workspace = true }
+rustix = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tempfile = { workspace = true }
diff --git a/utils/src/command.rs b/utils/src/command.rs
index d84000515..3db7d86fd 100644
--- a/utils/src/command.rs
+++ b/utils/src/command.rs
@@ -2,6 +2,7 @@
 use std::{
 io::{Read, Seek},
+ os::unix::process::CommandExt,
 process::Command,
 };
@@ -15,6 +16,9 @@ pub trait CommandRunExt {
 /// Execute the child process.
 fn run(&mut self) -> Result<()>;
+ /// Ensure the child does not outlive the parent.
+ fn lifecycle_bind(&mut self) -> &mut Self;
+
 /// Execute the child process and capture its output. This uses `run` internally
 /// and will return an error if the child process exits abnormally.
 fn run_get_output(&mut self) -> Result>;
@@ -84,6 +88,19 @@ impl CommandRunExt for Command {
 self.status()?.check_status(stderr)
 }
+ #[allow(unsafe_code)]
+ fn lifecycle_bind(&mut self) -> &mut Self {
+ // SAFETY: This API is safe to call in a forked child.
+ unsafe {
+ self.pre_exec(|| {
+ rustix::process::set_parent_process_death_signal(Some(
+ rustix::process::Signal::Term,
+ ))
+ .map_err(Into::into)
+ })
+ }
+ }
+
 /// Output a debug-level log message with this command.
 fn log_debug(&mut self) -> &mut Self {
 // We unconditionally log at trace level, so avoid double logging
From 479cbcad65b1cb037f506ed87012486c6efa63e2 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Fri, 6 Dec 2024 16:26:09 -0500
Subject: [PATCH 2/2] utils: Use `run` helper for editor

I just happened to glance at this code, this gives us stderr in the error, etc.

Signed-off-by: Colin Walters
---
 lib/src/utils.rs | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/lib/src/utils.rs b/lib/src/utils.rs
index e8a3481d2..525b1e70e 100644
--- a/lib/src/utils.rs
+++ b/lib/src/utils.rs
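Review bot: The one-line doc on `lifecycle_bind` in the `CommandRunExt` trait promises more than the prctl can deliver, and a caller reading the trait will not see the caveats. The death signal is armed against the thread that spawns the child rather than the process, is dropped if the child later execs a set-user-ID, set-group-ID or file-capability binary, and is Linux-specific; none of that is mentioned. Suggest replacing the comment with `/// Ask the kernel to SIGTERM the child when the spawning thread exits (Linux PR_SET_PDEATHSIG).` followed by `/// Not honoured once the child execs a set-id or file-capability binary, and bound to the calling thread, so spawn from a thread that outlives the child.`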
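Review bot: The death signal is armed inside the `pre_exec` hook, i.e. after fork, so if the parent has already exited by then the child is reparented and never signalled; the standard mitigation is to record the parent's pid before spawning and compare it with `getppid()` right after the prctl, failing the exec when it differs. The `// SAFETY:` line in `lifecycle_bind` also states a conclusion rather than the invariant: what makes the hook sound between fork and exec is that it only issues syscalls and does no allocation, locking or other non-async-signal-safe work, and the comment should say that. For the same reason the error path below returns a bare errno instead of a boxed message, which would allocate in the forked child.
```rust
// … unchanged: end of run() …
    #[allow(unsafe_code)]
    fn lifecycle_bind(&mut self) -> &mut Self {
        // Captured before spawn: inside the hook, getpid() would be the child.
        let parent = rustix::process::getpid();
        // SAFETY: the hook only issues prctl/getppid syscalls and returns; it
        // does not allocate, take locks or touch other threads' state, which is
        // what `pre_exec` requires of code running between fork and exec.
        unsafe {
            self.pre_exec(move || {
                rustix::process::set_parent_process_death_signal(Some(
                    rustix::process::Signal::Term,
                ))?;
                // The parent may have exited between fork and the prctl above,
                // in which case no signal will ever arrive: refuse to run orphaned.
                // A bare errno keeps this path allocation-free post-fork.
                if rustix::process::getppid() != Some(parent) {
                    return Err(rustix::io::Errno::SRCH.into());
                }
                Ok(())
            })
        }
    }
// … unchanged: log_debug …
```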
@@ -117,16 +117,12 @@ pub(crate) fn spawn_editor(tmpf: &tempfile::NamedTempFile) -> Result<()> {
 let argv0 = editor_args
 .next()
 .ok_or_else(|| anyhow::anyhow!("Invalid editor: {editor}"))?;
- let status = Command::new(argv0)
+ Command::new(argv0)
 .args(editor_args)
 .arg(tmpf.path())
 .lifecycle_bind()
- .status()
- .context("Spawning editor")?;
- if !status.success() {
- anyhow::bail!("Invoking editor: {editor} failed: {status:?}");
- }
- Ok(())
+ .run()
+ .with_context(|| format!("Invoking editor {editor} failed"))
 }
 /// Convert a combination of values (likely from CLI parsing) into a signature source
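Review bot: Routing an interactive editor through `run()` changes what the editor gets on fd 2. The `run` implementation visible in patch 1 ends in `self.status()?.check_status(stderr)` and the commit message says stderr now lands in the error, which implies the child's stderr is redirected away from the terminal; an editor that writes prompts or diagnostics to stderr, or that checks `isatty(2)`, will behave differently, and whatever the user's `$EDITOR` emits there is held until exit and surfaced only on failure. If `run` does redirect stderr, the editor should stay on `.status()` with inherited fds and only the non-success branch should gain context, e.g. `let status = Command::new(argv0).args(editor_args).arg(tmpf.path()).lifecycle_bind().status().context("Spawning editor")?;`. The start of `spawn_editor`, where `editor` and `editor_args` are derived, lies outside the hunk.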